Sorry to be late to the party but 3 days ago I logged into my site for the first time and had 4 notifications from Wordfence, one of which offered a free scan from Gravity scan. The scan reported my site had been hacked 8 times and was sending out spammy emails with infections from comments. I contacted my host reseller who told me it wasn’t his responsibility to update my site. He built, managed and converted my site to wordpress for me to manage because I’m now small potatoes to him. He has no knowledge of wordfence or gravity scan. He claims my site is clean. My question is are these scan results legit or not because it’s the same action/reaction as many freeware security products that will show results and promise better results by bypassing the free version and buying the premium version, which is what Gravity scan offered. How do I know if my site IS truly infected and how can it be disinfected? I checked off all the items in the article “How to Secure Your WordPress Working Environment” so what are the best security options? Wordfence free, paid and regular updating and plugin management? Many thanks!
