Hi @ruthcatrin
I am sorry to hear that your website has been hacked. I will explain in more detail some possible scenarios of how a hacker can gain entry and why a site becomes compromised – even if you are very meticulous at keeping your server software, WordPress, your active and inactive plugins and themes all up to date with the latest versions with security patches applied.
Some causes of a hack are impossible for any WordPress security plugin to protect against.
1) If you are using a weak password for your hosting account control panel or FTP account then a hacker may gain entry this way, with full access to your site’s file system and database. The cause may have been a weak password being used for a WordPress admin account.
2) You are storing unmaintained, unarchived backups of your site that are publicly accessible that contain exploitable vulnerabilities.
3) You are hosting more than one PHP application in the same hosting account and an infection can spread from another application to this WordPress site. An example of another PHP application would be another WordPress website, a different content management system such as Joomla or Drupal.
4) You have unmaintained or vulnerable 3rd party scripts installed in your hosting account. Examples would be the Adminer or SearchReplaceDB database management tools.
5) A nulled theme or plugin with malware already pre-installed. If you paid for a theme or a plugin outside of the vendors website at a massively reduced price, that seemed too good to be true, then it is likely to be nulled.
6) If you are using a shared hosting account a neighbouring account can be infected and spread an infection to this site.
7) The hosting accounts on the server may not be properly isolated so the hacker has access to your database via another user’s database.
8) The server software has vulnerabilities that allow the hacker to get root access – such as running an end-of-life version of PHP on the hosting server that has unpatched vulnerabilities.
Wordfence protects against a vast variety of attacks. Whether you were hacked because of an unknown attack method or because there is some other issue in your system impossible to say at this stage without an extensive investigation. There are some aspects of your site security that are completely beyond our control such as vulnerabilities on your hosting server as described above.
We recommend that you follow our site cleaning guides below:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
https://www.wordfence.com/help/scan/scan-results/
Useful links after you have completed your cleaning:
https://www.wordfence.com/blog/2017/04/20-minutes-to-secure-wordpress/
https://www.wordfence.com/blog/2018/10/php5-dangerous/ (important note - this is an old blog post from October 2018 but still very relevant)
https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-might-be-making/
https://www.wordfence.com/blog/2018/10/three-wordpress-security-mistakes-you-didnt-realize-you-made/
https://www.wordfence.com/blog/2017/06/wordpress-backups/
We also have an extensive Learning Centre here:
https://www.wordfence.com/learn/
