Have you tried clicking Wordfence’s button, ‘Repair all Repairable Files’? It may be able to replace all the plugin and WP core files with the correct repository versions. You are right that if you back up, wipe the site, and reload the backup, you’re not accomplishing anything. That said, you need some kind of backup, … Read more
Your website is infected by Malware. Hackers are using your WordPress website for ‘spamvertising.’ This causes an insane traffic spike. Spam emails are sent from your server with links to existing or new pages that are created by the hacker. Spamvertising can vandalize blogs, websites, forums, and comment sections with hyperlinks to get a higher … Read more
Looks similar to a search redirect. You’ll see the results when all of your search results go to someplace else. Lots of ways for it to get in there. But, fix the htaccess. Get a standard one from WP here: https://wordpress.org/support/article/htaccess/. Then, you should change all credentials: hosting, ftp, database, MySQL, and WP admin credentials. … Read more
I’m not a security expert, but the code you include in your question roughly does this: Check if the request is not for a static page (it can’t insert anything in that) Check if the request is not from scraper bots Ahrefsbot and MJ12bot. If both checks are passed make a connection with the server … Read more
With steps 1 and 2 you are only removing the symptoms of the infection, not the infection itself. Blockings access and changing permission (steps 3 and 4) makes a difference for outside approach of your system. But the infection is already inside your site. So, with these steps you do nothing to remove the infection. … Read more
There are plugins for that: e.g. http://wordpress.org/plugins/disable-xml-rpc/ You can also write a filter yourself add_filter(‘xmlrpc_enabled’, ‘__return_false’); You can simply add this code your theme functions.php (located in wp-content/themes/your_theme). However, you are advised to create a child theme (http://codex.wordpress.org/Theme_Development) so that your modification does not disappear when you update the theme. Alternatively, you can create your … Read more
I would first of all change the password for phpMyAdmin because I think they moust be getting though the DB next thing is if that doesn’t work , but the bullet and do a clean install but backup all the post and maybe the comments if you want ot.
This is a case of general security. At a minimum do the following steps: Delete the file you found in wp-admin Delete the htaccess file Download the official wordpress from wordpress.org and upload it to your server, overwriting anything it finds. If possible delete the wp-admin and wp-includes folders and any files starting with wp- … Read more
The Symptoms you mentioned in your question and comment indicates that you might have compromised / nulled plugin or theme that deployed some sort of shell bomb. Its possible that there might be multiple malicious files in your main domain, add-on domains and subdomains. Its also possible that your default core wordpress files might also … Read more
I’m also seeing this on a hosting place that has several WP installs. Cleaning them up (removing files that aren’t supposed to be there, removing code) hasn’t fixed things yet, it keeps coming back. If you want to decode strings like that, use the https://www.unphp.net site. Use the recursive check button. I’ve found bad code … Read more