Replies: 0
Hi there, our wordpress websites have been hacked by “AnonymousFox”. I’ve researched and did all the clean ups and taken preventive measures. But the hacking just keeps recurring every few days.
The hack’s symptoms:
– Malicious files (xxxxxx.php, fake .htaccess, infected or fake index.php). Some of the malicious files appear as “Protect Uploads”. They always reappear despite deleting.
– Fake wordpress users and email accounts get created
– Admin user login details get hacked at times
What I’ve already tried:
– Have gotten the webhost to enable symlink protection in their WHM
– Deleted the entire public_html & sql database. Reinstalled the entire website from scratch. For most websites, I reinstalled the WordPress files
– Deleted the fake users in phpmyadmin
– Deleted fake email accounts
– Deleted all the malicious files (xxxxxx.php, fake .htaccess, infected or fake index.php). Some of the malicious files appear as “Protect Uploads”. They always reappear despite deleting.
– Installed Wordfence & did a full scan which always shows no issues after my clean up. But the hacker can remove the Wordfence plugin entirely.
– Keep all plugins updated, enabled auto-update while using the most updated WordPress version 6.0.1
But all have been ineffective, and I’d need perspective on how to stop this hack properly. Thank you.