Hi there, I installed Wordfence on a recently hacked site. The hackers are still uploading random .php files into my core wordpress folder periodically, along with extra folders and .html files
I'm wondering why Wordfence doesn't always catch these? I'll do a scan and it will say everything is OK when there's obvious .php files in the core folder that don't belong there. For example:
4 fw41u1.php 4 wp-blog-header.php 12 wp-mail.php
4 hyxjhlkc.php 8 wp-comments-post.php 12 wp-settings.php
12 index.html 4 wp-config.php 28 wp-signup.php
4 index.php 4 wp-config-sample.php 4 wp-snapshots
20 license.txt 4 wp-content 4 wp-trackback.php
4 qkzq8mz.php 4 wp-cron.php 4 xmlrpc.php
4 qtk9kef.php