Hi,
One of my website, protected by wordfence, has been hacked.
Wordfence detected the malicious code in a new file but, I looked on the access logs and found many IPs (more than 200) accessing to the file /wp-includes/input.php (with both method GET and POST).
After editing this "input" file, it doesn't seem to be a valid core WP file and it doesn't exist in all my others WP sites.
Why Wordfence doesn't match this file as an alert?
Sebastien from Calliope IT
PS : Sorry for my poor english