possible infection that Wordfence is not detecting

Hi @ostinatofreak

Please follow our site cleaning guide below. If you find modified files with malicious code in them then you can send them to [email protected]

https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

@ostinatofreak

Hi and thank you for reaching out! Dealing with malware can be very stressful. We secure our servers and do our part to make sure we have no vulnerabilities, however, if the account is not properly secured you could be susceptible to infection.?

We have some helpful articles in our knowledge base including “How to Remove Malware From WordPress Site” and “Malware FAQ”. We also have an article on how to reach SiteLock “How to Contact SiteLock Support”. 

Our live support should also be able to assist or escalate a ticket to be addressed. 

I consider SiteLock to be a borderline scam / money grab. SiteLock tries to get customers to buy a lot more than they need, and the services they provide are severely overpriced for the amount of labor they’re performing when they clean a site.

If we restore a clean backup of the WordPress site and Wordfence certifies it’s clean with a deep malware scan, then it’s infected a week later, then we wipe the site again and restore the backup again and certify it’s clean again with another Wordfence deep scan, over and over again, at some point one must consider the possibility that the infection is coming from the server.

We understand most people may believe SiteLock is expensive and not worth the price, that just isn’t true. You’ll find the money and headache it saves in additional cleanings and maintenance of websites makes it well worth it. Removing an infection is a lot more involved than preventing one, Sitelock provides help with both. 

If you just keep restoring your site without putting some preventative measures in place (other than a free plugin), you are opening the door to be infected again. Once a website is infected, it is likely going to be targeted continually until it is properly secured with a service such as Sitelock. Once they see you are an easy target, they will just keep running the same program to keep infecting you because they already know how. Also, if you are restoring to an old version of WordPress, you may be keeping the door open. Sitelock works but there also must be updates done to make sure your WordPress version is up to date too. 

You speak dismissively about Wordfence – a mere “free plugin” that still renders its website an “easy target.” In this Bluehost article, https://www.bluehost.com/blog/wordfence-increases-security-on-your-wordpress-site/, Bluehost calls Wordfence a “robust website application firewall and malware scanner” and rates the plugin “highly.”

You say “if” I keep restoring the site without putting “preventative measures” in place as if Wordfence weren’t a preventative measure, as if we weren’t changing passwords, as if we weren’t immediately updating the core and all plugins/themes upon restoration, and as if we weren’t running a deep Wordfence scan after all this is done to certify that the site is clean, all of which we are doing.

Furthermore, if it’s Bluehost’s official position that no WordPress site is “properly” secured unless the client purchases SiteLock, then why doesn’t Bluehost just mandate SiteLock for all its sites? There is a reason why some surgeries aren’t covered by insurance companies – they aren’t necessary. If SiteLock were as critical as you’re making it sound (i.e. any WordPress site that doesn’t have it isn’t “properly” secured!), it would be incorporated into the Bluehost hosting plan as a non-negotiable feature.

I had another WordPress site that was once infiltrated. Bluehost notified me that a virus was detected on the site. The SiteLock people gave me an aggressive sales pitch that made me feel like anyone who has WordPress without SiteLock is an irresponsible fool, and Bluehost was going to mandate SiteLock if I didn’t eliminate the virus myself (or shut down my website). I declined the service, restored the site myself from my own backup, and it eliminated the virus. The site was never infected again – that’s when I first installed Wordfence. It wasn’t a headache. It was just 2 commands in FileZilla and I was done. WAY easier, simpler and cheaper than dealing with the high-pressure SiteLock sales pitch.

If my site is infected repeatedly after restoring, updating and scanning (with a perfect score from a Wordfence scan), one can’t help looking at Bluehost itself, wondering if the virus is coming from the server. You are ASSUMING this can’t possibly be the explanation (or at least, you are ignoring that possibility in your reply) and talking like the only possible cause here is the WordPress site itself.