• I have three sites in a LAMP shared hosting environment. I had been using a different security plugin and at some point in the last few months my sites all came under attack. The attackers were able to hijack and post malicious code all over the place. One of the symptoms was that when I tried to access the WP backend, I got a parse error from a line in a file from my security plugin, as though that file had been changed.

    I updated all the WP installs and plugins, removed all unused plugins and themes, installed Wordfence, and began scanning and removing/reinstalling files. This seemed to work great!

    However, I went back to two of the sites an hour later and got the error:

    Parse error: syntax error, unexpected '=>' (T_DOUBLE_ARROW) in /root/public_html/mysite.com/wp-content/plugins/wordfence/lib/wordfenceScanner.php on line 394

    Now I am seeing new malicious files being created and core files being changed. I have been re-running Wordfence scans and manually removing stuff, but I can’t tell where the source script resides.

    Do you have any suggestions? Would the premium version do anything for me?

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Support wfphil

    (@wfphil)

    Hello,

    Sorry to hear that you are having these problems with your sites. One of our developers has said that there is nothing incorrect with the code for that Wordfence file at our end.

    He believes that it is a possibility that something is modifying the file.

    As you are seeing new malicious files being created so soon after doing a site clean, can I check that you had the scan option “Enable HIGH SENSITIVITY scanning” enabled? Please check our documentation below on this option:

    Enable HIGH SENSITIVITY scanning

    Also, if you haven’t done so already, go to our guide below for cleaning a hacked site in case you have missed some important points to be mindful of:

    How to Clean a Hacked WordPress Site using Wordfence

    May I ask please – Are the 3 websites under their own individual accounts with the same shared hosting provider? Or are the 3 websites contained within the same hosting account?

    Regarding the premium version, we are forbidden to discuss premium features in this forum, but the link below is for our homepage where you can view the premium features and make an informed decision.

    Wordfence Home Page

    Finally, I would highly recommend that you visit our learning center below so that you understand the steps that you can take to minimize these attacks taking place again in the future:

    The WordPress Security Learning Center

    Hope this helps.

    • This reply was modified 7 years, 11 months ago by wfphil. Reason: Typo
  • The topic ‘Recurring parse error in wordfenceScanner.php’ is closed to new replies.
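
The thread describes files being rewritten and created again within an hour of a clean-up, across several sites that may share one hosting account. The following is an added example, not part of the thread and not Wordfence code: it takes a hash baseline of every site root right after the clean reinstall and later reports which files were added or changed, oldest modification first, so the first file touched can be matched against the web server access log. The site names, file contents and helper names (`snapshot`, `compare`, `write`, `demo`) are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(roots):
    """Map every file under the given site roots to (sha256, mtime)."""
    snap = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                    snap[path] = (digest, os.path.getmtime(path))
                except OSError:
                    continue  # unreadable or removed mid-scan
    return snap

def compare(baseline, current):
    """Return (added, changed, removed); added/changed sorted oldest mtime first."""
    added = [p for p in current if p not in baseline]
    changed = [p for p in current if p in baseline and current[p][0] != baseline[p][0]]
    removed = sorted(p for p in baseline if p not in current)
    mtime = lambda p: current[p][1]
    return sorted(added, key=mtime), sorted(changed, key=mtime), removed

def write(path, body, mode="w"):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(body)

def demo():
    """Constructed sample: two site roots in one account, checked after a clean-up."""
    account = tempfile.mkdtemp()
    roots = [os.path.join(account, "site-a.example"), os.path.join(account, "site-b.example")]
    scanner = os.path.join(roots[0], "wp-content/plugins/wordfence/lib/wordfenceScanner.php")
    write(scanner, "<?php // clean copy\n")
    write(os.path.join(roots[1], "index.php"), "<?php // clean copy\n")
    baseline = snapshot(roots)  # taken right after reinstalling clean files
    # Simulate the thread's symptoms: a plugin file rewritten, a new file created.
    write(scanner, "// unexpected modification\n", mode="a")
    dropped = os.path.join(roots[1], "wp-content", "uploads", "new-file.php")
    write(dropped, "<?php // constructed placeholder\n")
    return compare(baseline, snapshot(roots)), scanner, dropped

if __name__ == "__main__":
    (added, changed, removed), _, _ = demo()
    print("added:", added, "changed:", changed, "removed:", removed)
```

Changes are detected by content hash, so a file whose modification time was reset still shows up as changed. In real use the baseline has to be stored somewhere the web server user cannot write to, otherwise whatever is rewriting the files can rewrite the baseline as well.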