• Resolved michalraph

    (@michalraph)


    Dear Wordfence

    We are receiving malware issues on this website continuously.

    This has been going on for the last 6 months.

    We have even recreated the website and still there are issues.

    Every day we run Wordfence on the site and every second day we receive Malware issues, each time having to restore a backup and redoing work for the 10th time.

    We even outsourced the issue to an IT security guy who cleaned out the site, reinstalled WordPress, and re-uploaded the site – it was ok for a while and then the issue started again!

    Please advise???

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @michalraph, sorry to see you’ve been having issues for such a long time.

    I don’t know about everything that has been attempted each step of the way, but I can try to make some suggestions. If a site backup has been eventually used at every stage, there’s a possibility that the backup(s) already had some malware inserted that allows it to regenerate even if the site is completely reinstalled first. However, this might not apply if you’ve tried a complete rebuild with no reuse of previous content.

    If you have tried installing entirely from scratch with no backup restore, a compromize could be coming from another attack vector. I would always recommend updating your passwords for your hosting control panel, FTP, WordPress admin users, and database no matter where you think the threat may have come from.

    Our site cleaning instructions may have some steps that could’ve been missed or help you reference things you’ve already tried: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    As Wordfence sounds from your description like it’s detecting the malware, it could be worth speaking to your host to see if server logs or other access logs could point to a clear point of entry or suspicious activity.

    XML-RPC requests are one of the most common brute force/credential stuffing attack methods so we always recommend using long unique passwords along with 2FA for your administrative accounts.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.

    If you are unable to clean the site fully, Wordfence does offer a service if others haven’t been effective but ultimately that choice is yours. If you do wish to discuss this, I can’t go beyond our free plugin here on the forums so please contact presales @ wordfence . com.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Wordfence and Malware’ is closed to new replies.