<?php
/** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname(__FILE__) . '/wp-load.php');
// Store the submitted post password in a cookie for 10 days
setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
// Send the visitor back to the referring page
wp_safe_redirect(wp_get_referer());
exit;
?>
THEY SAID:
Your latest Intrusion Defense scan has detected suspicious file(s) on your account. The following files have been identified as potentially dangerous:
/usr/home/hidden/public_html/tackypolice.com/wp-pass.php
Any issues that you see with the code? WF does not see it as a problem.

Great plugin! I use it on my blog https://www.relentlessapps.com/the-amazing-web-app-challenge-from-0-to-5000-month-in-6-months/
Problem is that when I’m on the post edit screen in my WP admin, the options to hide/show the icons are getting in my way. I need to be in a state of perfect serenity when I blog. I take blogging very seriously.
Regards,
Milky Bilky

I host about 25 sites for some of my clients. Over the past few months I’m continuously noticing how many of these sites are breached even with, what I believe to be, very good Wordfence settings.
Malicious files are still being uploaded to various folders, malicious code is found in core files, etc. Examples I remember seeing in the results have a lot of “global” “X53” type code, arbitrary named favicon files, arbitrary named php files with malicious code, etc.
I realise that Wordfence can’t possibly block everything out there, but the prevalence across multiple websites is of concern when there are so many similarities between the infections/breaches.
I hoped that Wordfence took into account all the detections and “Repairs” that were carried out by Wordfence (across the world) to prevent further infections, but this doesn’t seem to be the case.
Are other people also finding their Wordfence installation is not able to stop these intrusions?
Thank you for your comments and responses.

index.php was trying to require inclusion of a file that doesn’t exist. Since the site had not been changed at all in a couple months, I first tried restoring from a month-old files backup, but the error was not resolved. I don’t normally read WP code files, but I decided to take a look at index.php … and I discovered the weirdest thing: It wasn’t a WordPress file at all, but a Joomla bootstrap! This site was running on Joomla in the past, but when it got hacked about a year ago, I wiped the files and database completely (at least I thought I did) and started over in WordPress.
Since the restore didn’t replace that file, I decided to look inside the backup. The backup was done by UpdraftPlus, which separates the files into four categories: Plugins, Themes, Uploads, and Others. I never thought about it until now, but even the Others backup is only files in wp-content – there is no attempt to back up the files in the webroot, like index.php, wp-config.php, etc., nor the wp-admin or wp-includes directories. I’m not very impressed with UpdraftPlus right now.
I grabbed a copy of a WP bootstrap from another website I manage, and the site appears to be running now, but I’m concerned that something hinky is going on that I can’t see. As I said, I had not touched the site in a couple months, so my hand didn’t cause this. My hoster did some server maintenance a couple days ago, but it’s an unmanaged VPS, so they wouldn’t have messed with my files. The only way to get on the server by SSH or FTP is with a private key, there is only one WP user, and WP says there is only one active login at the moment (me).
Does anyone have any thoughts about what might have happened, or what sort of hinky things I should look for? I’ve now upgraded WP to 4.8 and all plugins to their current versions, but if extra files have crept in somehow, upgrades won’t get rid of them. I feel like my site is haunted, since I got a visitation by the ghost of bootstraps past…

ClientIP = (String, 12 characters) 103.241.3.21
CurrentUserID = (String, 1 characters) 0
EventCount = (Integer) 1
PruneQuery = (String, 86 characters) DELETE FROM wp_wsal_occurrences WHERE created_on <= 1440445465 ORDER BY created_on ASC
UserAgent = (String, 45 characters) WordPress/4.3.1; https://www.*********.com
What do you think they’re trying to do?

A few months ago I had an intrusion into my WordPress blog. Because of that, I increased the strength of my key, installed the Wordfence plugin at a high security level, and also installed the Google Authenticator plugin.
Now I find in the list of reviews, on a few pages, signs that I have again suffered an intrusion, although apparently the page content has not been modified.
I am the only administrator on my page and each revision is recorded with my username and my custom Gravatar logo.
These intrusions are registered with a comma, not my username and the default Gravatar icon, not my own.
Wordfence never alerted me of these intrusions.
The first question is:
– Is this a sure sign of an intrusion, or could it perhaps have been me, registered for some reason without my name and without my own Gravatar?
– Have they been brute-force intrusions, or is there another way to access the control panel of WP?
– How can I prevent these intrusions?
I appreciate the time that can be taken to respond; I am very worried about this problem.
Regards

IP: 209.140.18.46 (195.195.4.161)
Date: 2012-12-14T11:07:22+00:00
Impact: 7
Affected tags: xss csrf id rfe lfi
Affected parameters: COOKIE.TBANKVISITOR=MC4yMy4yMzA3OTQyOTMxNDY0NTIuMTM1NTQ4MzIwMDQ3MS42ZmIxZGQzZg__%2A,
Request URI: /assets/core/img/layout/transparent.png
Origin: 209.140.18.46
And I received this email simultaneously with different IP addresses.
Please inspect it; what kind of attack is that?
I am worried.
https://www.ads-software.com/extend/plugins/mute-screamer/