Block ww1.tech4u.app

Hi @rightchordmusic, sorry to see you’re having trouble with spam or malicious code.

The scan failures you’ve reported and tried to troubleshoot could be related if something malicious has happened to your site. That’s working on the assumption that scans were working before and Wordfence has usually been able to connect to our servers etc.

If your website is also redirecting elsewhere, it’s often a sign of being affected by malware. There are naturally other attack vectors outside of WordPress that we don’t control like database passwords, cPanel access and FTP credentials so?as a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP,? WordPress admin users, and database. Make sure to do this.

I will provide our site cleaning instructions for you below:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

Additionally you might find the WordPress Malware Removal section in?our free Learning Center?helpful.?We provide a site cleaning service should you need further assistance, as do other companies out there.

Thanks,
Peter.

Hi Peter,

Firstly, thanks for replying. The internet is a lonely place, when 12 years of your work is suddenly hacked and you have no coding or real tech experience, hence why you started a WordPress blog in the first place!

I’ve followed your advice / guides, this is where I am at.

1. All plugins and themes are updated
2. WordPress update failed – out of memory error!
3. I changed the password
4. I made and downloaded a backup
5. I managed to put the website in maintenance mode, to avoid it being black-listed
6. I searched the source code and found this, which looks similar to the malicious code highlighted in your article. /* <![CDATA[ */window._wpemojiSettings = {“baseUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72×72\/”,”ext”:”.png”,”svgUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/”,”svgExt”:”.svg”,”source”:{“concatemoji” But no idea how to remove it or whether it’s really the problem?
7. I tried scanning with Wordfence again, but the scan fails. the last lines of the log say: [Aug 17 09:23:14]?Scanning: /home/sites/rightchordmusic.co.uk/public_html/wp/wp-content/plugins/wordfence/modules/login-security/classes/utility/nulllock.php (Mem:113.9M)[Aug 17 09:23:14]?Calling fork() from wordfenceHash with maxExecTime: 45 [Aug 17 09:23:14]?Entered fork() – how do I get past this? If I can’t scan it feels like I can’t fix this?
8. Any further help and advice you can give would be hugely appreciated, sadly I don’t have thousands of pounds to spend fixing this, this is an unsigned music blog, not a revenue generating business.