Hi Barnez,
It happened to all 6 of my websites yesterday. The server provider says that he saw 5 other websites on his server brought down in addition to my six websites.
His team thinks it's a plugin virus or attack. However I have not changed the plugins on at least two of my sites for months and months. And yet they all went down at the same time. All with similiar but not exactly the same error.
I went to the directories of each of the websites to look and between 10:30 A.M. and 10:45 A.M. multiple php files had a timestamp with yesterday morning on it.
It wasn't me as I hadn't accessed any of them since the previous night.
Wordfence works great on attempted password attacks as I block ip addresses on the first wrong password even for myself.
But what about php attacks? What prevention do we take on that?
How anyone gets to the php files is beyond me.
This was not an attempt to sign in or I would have gotten a notification from Wordfence.
So someone or something got to the server itself. Unless there is a plugin that can capture your password and then send it to someone.
Any suggestions?
Thanks,
chrisjackson