Hi @michalraph, thanks for reaching out.
We’d need to ideally see an example of the precise malware reported and code Wordfence is identifying in order to advise on where you may be able to find and clean it if the delete/repair suggestions don’t appear to be solving it.
It might be an idea to email a downloaded copy of any affected file(s) showing as high severity from your scan to samples @ wordfence . com. Our Threat Intelligence team should be able to provide more detailed information around what could have happened and let you know whether a site cleaning should be performed. You can get them by visiting the file path shown in your scan result via FTP or the web-based file manager in your hosting control panel (whichever you use to manage files on your site).
Please note that when attaching files, ensure that you remove any database access credentials or keys/salts contained inside before sending.
For your information and remove any potential delay around getting you the information you need, I’ll also provide our site cleaning instructions to help you out: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.
I’d recommend taking a full backup of your site first before removing or repairing files so it can be reinstated should anything go wrong. However, if you are unable to fully clean the site yourself, there are paid services that will do it for you. Wordfence offers one, but there are others.
Thanks,
Peter.
