I have a client site that had been compromised a while back. Site was cleaned up, all plugins updated and WordPress updated for last few months all ok. I still have your plugin activated obviously to block dodgy people, IP etc. I have auto block set up for logins with usernames that don’t exist as well and for users that have been removed also.
Love your plugin.
I have now replaced ALL files in the wp-admin, wp-includes and all root files to eliminate the dodgy people altogether.
Gosh it’s a hard task to get rid of these dodgy people at times.
So my question is, if I have ALL plugins up to date, WordPress latest version, Theme up to date, AND wp-admin, wp-includes and root files all replaced, HOW is it possible OR should I ask WHERE could they be still trying to access things?
Any old obsolete plugins have also been removed because at times it’s hard to know that a plugin has become obsolete, but at least your scans pick that up also.
Maybe there is another way or another area I need to check?
I changed 1 particular username to NO ROLE, and I received an email today that someone logged in from Russia with that username. That makes no sense when there is NO role valid for that username. So I have now deleted that username altogether. So I’m a bit confused if NO ROLE, then how do they login?
I assumed if I replaced and removed fully the wp-admin, and wp-includes and root files that I would be back to a fresh start.
Wp-content is still the same and I’ve removed all cache files also.
Do you have any other suggestions for me to investigate to totally clean it up and look in the backend please?
Client site I cannot start a scan in Wordfence anymore
A scan stage has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Wordfence will make up to 2 attempts to resume each failed scan stage. This scan may recover if one of these attempts is successful
What could be causing this please and HOW to rectify this?
Wordfence is finding this file malicious in its scan. Could this be a false positive or an issue with your plugin maybe?
All plugins are up to date.
Severity: enMaliciousThreatType
File: wp-content/plugins/class-sassy-social-share-public.php
File signature: 8773c4bafdfcd0b0c245b26b8905ca39
Threat signature: 0048b334f833b6dd8efc40ca2f349144
Threat name: Trojan.PHP.Popad.gen.d4
Threat: <?php /** * Cont
Details: Detected malicious PHP code
Could you please advise or help please?
I have a client site that has been running slow and 503 timeouts. Plugins are up to date and WordPress. Didn’t really think it had been compromised but thought I would install your plugin and investigate and scan.
There was also an obsolete discontinued plugin that I wasn’t aware of. So I have removed that and installed another replacement plugin.
The scan shows a file .listing in many directories … which shouldn’t be there.
So when I go into File Manager I see this file that shouldn’t be there.
So obviously the site has been compromised… maybe because of the discontinued plugin I wasn’t aware of.
.listing file
It is in nearly every directory and sub directory. I know I can remove manually that file and will take many hours.
Is there another way maybe within your plugin to remove this UNWANTED and possibly malicious file in ALL directories?
Hoping there is an option, otherwise the slow manual way I have already started to delete but thought I would ask.
I have Wordfence installed.
Someone dodgy just logged into the main admin email which is a very hard password.
Wordfence emailed me to let me know.
I quickly logged on and created a new Admin user and deleted that old Admin Account … lucky I saw this happen half hour afterwards.
Anyway, now what is my strategy as I’m not trusting anything now.
Most plugins were already updated. But I’m doing it again.
I’m checking the live scan as I can see attempts in logging in to that admin account.
No-one else has access.
What else do I check within Wordfence please to secure the site better?
Also I’ve just installed WP Activity log, so I have history of anyone logging in to view and see what is happening.
HOW would they have gotten in, no old obsolete plugins, WordPress only 1 version old so not old.
Please advise extra measures I need to take as I’m very nervous now HOW they got in, as it was a very complicated password.
My question is, when a site is getting many hits for potential dodgy people trying to access a site, and especially if a site has been compromised previously, and cleaned up completely, and those dodgy people are still trying to get into that site … whether it is bots or a dodgy human.
I assume then that would take up and cause issues on the web hosting server side of things, using I/O resources as it is getting continual hits and then Wordfence having to do its job … therefore using MORE resources in the backend of the WordPress website to protect the website?
I have some client sites who keep getting lagging on the hosting server, and I/O limit hit to 100%, then they have to kill the service so I can do things, then it’s fine for a while. I have had numerous conversations with the issue with hosting and they are saying it is not their servers.
These are sites with Wordfence on them only. Sites with no Wordfence are not having the issue on the same hosting server.
So then I’m thinking possibly then it is the resources being used by Wordfence possibly when trying to keep a website safe?
Could that be the case?
Could you shed some light on HOW things work when Wordfence protects a site, and if it can use quite a bit of hosting resources to do its job to protect the client site?
Some more clarification on HOW I can resolve this would be great. Thanks in advance!
Please advise that would be great.
I’ve got a client who is using Wordfence. AND I have backed up the site and putting it on my test server to do some updates etc.
I still have Wordfence activated within the backup. I use backupbuddy to restore websites.
My question is as I’m trying to restore now, it won’t let me due to the Wordfence being activated I’m assuming as all I’m getting is a white screen.
Therefore I renamed the Wordfence plugin AND the php.ini and .waf file so I could continue restoring the site and then hopefully reactivate it once I have it all working.
What is the best strategy here for moving a client site onto another server and as I have backups done regularly which includes Wordfence activated obviously.
I seem to be having an issue with some clients on a particular server that have Wordfence installed.
The websites are not displaying. The common denominator seems to be that they have Wordfence installed. Clients that have no Wordfence on their websites on the same server are NOT having the issue.
The connection has timed out
An error occurred during a connection
WHAT could be causing this issue please?
The hosting are getting frustrated and so am I and my clients …
I need to pinpoint the issue. Could you offer some advice on why Wordfence would be causing this type of issue and HOW to rectify this?
The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by … You will need to audit these files and either replace them with known good versions or remove them altogether:
The existence of this known attacker content indicates that your website or user password has been compromised. You or a trusted webmaster will need to determine the attack vector and then take actions to mitigate further exploits.
Is this a false positive or is it a correct identification?