Block Executable File Uploads Not Working

You need to trace where and how these files were submitted to your site.

If WordPress was used to upload these files, then the firewall would have blocked it. You need to ensure that other channel – FTP, cPanel etc. are not compromised as files can be uploaded that way. Further more, files may be placed on your site via other compromised plugins/themes directly, bypassing the WordPress load.

The plugin can block many avenues as long as it’s WordPress that loads, and not direct file access. It cannot block direct file upload via other php files on the server.

Thank you for the response and explanation.

I actually just received yet another Email without subject coming from the site. Both the From and To emails are mine, so it’s as if I emailed the attached php file to myself. The file ends up in my uploads folder.

I can’t seem to figure out how this is happening. Any thoughts/ideas/suggestions?

Reinstall your core wordpress files, and reinstall your original plugin files. I’m honestly not sure what your issue is, but I would start cleaning out your site and ensuring you know what all files are there and why… it’s possible you have a compromised file in there with a hack. I honestly don’t know though.

Area all your plugins, themes and WordPress up-to-date?

I’m not seeing any updates required for anything, but I’ll try doing a reinstall as you suggested.

Were you able to make any progress with this?

Thanks for following up. I’m having the site looked at in depth, and then will go from there. For now, I removed the php files and did a clean install of WordPress. Things have been quiet so far.

Ok, keep me posted sure.
Thanks.