• Resolved b2kaibecker

    (@b2kaibecker)


    Hello to the Wordfence team,

    I have a homepage that gets infected over and over again. The system has been reinstalled and everything is up to date. Files are changed again and again and it is mostly the index.php in the root that is affected – today I saw this message in Wordfence: Backdoor:PHP/lfi.11719

    After the scan today everything is again without problems Sucuri finds nothing.

    What else can you think of…?

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @b2kaibecker,

    Known issues can sometimes be packaged in a different way to cases seen before by our scans. It sounds like our scan is picking up the Backdoor:PHP/lfi.11719 issue, cleaning it on your instruction, but it returns again later? If that’s the case, there may be a file somewhere recreating the issue.

    I would try following our checklist here:
    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    It sounds like your plugins and WordPress core are up-to-date already. As a rule, any time I think someone’s site has been compromized I also tell them to?update their passwords for their hosting control panel, FTP, WordPress admin users, and database?in order to cover the key access points where somebody could change things on your site. Make sure to do this.

    Additionally you might find the WordPress Malware Removal section in our free?Learning Center?helpful.

    After taking measures to try cleaning your site or identifying an issue, you can send suspicious code samples or files to?samples @ wordfence . com if you’re unsure what to do. Just make sure to?remove any database credentials or keys/salts?in any files you send over. Our team can help advise next steps from there.

    If you are unable to clean this on your own there are paid services that will do it for you. Wordfence offers one and there are others. Regardless if you choose to clean it yourself or let someone else do so, we recommend that you make a?full backup of the site beforehand.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.