cipherbeta
Forum Replies Created
-
One thing you can do is if WF lets you take a look at the file, take a look through the code and see if you see something that says base_64 with a load of gibberish behind it. 99.9% of the time I’ve found that it’s malicious.
If you can confirm this, check your server logs to see when this file was created. If it originated around the time of your website’s creation, try to restore from a backup – chances are the file may be necessary for proper functionality to the website but it was modified. While you could attempt to remove the malicious code, it may cause functionality problems on the site. If you can see that the file was created very recently, it may be a good idea to make a quick backup for testing and delete the file completely. If everything is working, good chance you’re in the clear.
Just make sure you swap out passwords for things just in case, though. Good practice as soon as something pings as malicious.
Something that may work (please take this with a grain of salt – I commando pretty much everything when working with my wordpress sites so this may not be the proper way to do it, but this is how I got WF on a hacked site that locked out plugin privs if I recall correctly)
(quick edit: you need access to the server for this.)
First, download the plugin, should have it as a zip. Upload that to wp-content/plugins and unzip it so the Wordfence folder is there. Once it’s there and unzipped, hop into PHPmyadmin and go to the table Options, then to the row active_plugins. Add a new line inside the brackets like so, where X is the next number in the row (if you look at the plugins list, you should see an i:0 in the first row, i:1 in the next, and so forth) and Y is the length of the string that references the location of the main plugin file in the plugins directory. As a note, just checked, should be 23 characters, so the added line should look like so:
i:X;s:23:”wordfence/wordfence.php”;
This will enable the plugin for the website.
Again, please use this as a last resort if the WF peeps don’t respond in an appropriate time. Again, I’m not a pro with this kinda stuff so I don’t know if this is the proper way to do it, but it worked for me. Cheers!
- This reply was modified 7 years, 10 months ago by cipherbeta.