Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all articles
Browse latest Browse all 32701

CrunchyData on "wordfence not spotting modified plug-in files"

$
0
0

Do you, or did you, happen to have the MailPoet plugin installed on your site? This sounds exactly like what happens with the MailPoet exploit. Sucuri didn't see the malware at all on our client's site, and SiteLock and Wordfence caught some, but not all of it.

Even if you don't currently or never had that plugin installed, if you're on a shared server, your site could have been infected by another site on your server that has the plugin installed.

Hopefully you have backups of everything from before the date your site was hacked and you can do a complete restoration. The malware backdates files it modifies, so use a backup that is several weeks old if you can. Export your posts first, just in case. Even then you may have some cleanup work.

iThemes Security does a good job of showing the modified files. I'm not a malware expert by any means, but once it's in, it modifies all of your php files, including Wordfence's.

The only other option I know of is to edit every php file on your site to remove those top lines of code.

After you clean your site, I'd suggest using Wordfence (of course!) + iThemes (enable "Disable PHP in uploads") + Bruteprotect + Cloudflare and check your folder and file permissions.


Viewing all articles
Browse latest Browse all 32701

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>