Replies: 0
folks,
just experienced something a little disturbing.
i received an email from my site stating:
A user with username “{myusername}” deactivated Wordfence on your WordPress site.
User IP: 192.0.87.173
User hostname: 192.0.87.173
User location: Richardson, United States
when i checked the ip address, it stated that the ip address belonged to “automattic” (wordpress.com, woocommerce).
when i went into my plugins section i saw a plugin that said “wordfence”, but it looked a little specious, so instead of activating it, i deleted it.
i then went back to wordpress.org, and reinstalled wordfence, and re-activated it.
in looking at the plugin section, the plugin title for wordfence is actually “Wordfence Security”.
so that leads me to believe that some other function/code/etc somehow deactivated the real wordfence and installed a fake version (maybe with malware).
i checked to see if there were any suspicious logins on my self-hosted wordpress site, but there have been none.
so now the questions is, what exactly happened?
any thoughts?