Rex infection

Hello, @captainrick2718

Sorry to hear about the issue. The verification email would likely be from the Wordfence captcha, which will send the email when your login score is lower than the threshold you have set in Wordfence > Login Security > Settings.

If you had any plugins or themes that were out of date, abandoned, or with known vulnerabilities, that could cause the issue you’re seeing the with malware. It could also be due to compromised credentials or a compromised account (hosting, FTP, admin, etc.) If you have other sites hosted alongside this one, but not isolated, it is possible another site infected this one. Similarly, in some cases on a shared hosting platform, a neighboring site can infect your site.

As a rule, any time you suspect the site has been compromised, you will want to update your passwords for your hosting account, FTP, the database, and all WordPress admin users.

You should also update all plugins and themes, and ensure that you’re running the latest version of WordPress core.

We have the following checklist for site admins to clean sites: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/  Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

If you are unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Regardless of whether you choose to clean it yourself or let someone else do it, we recommend that you make a full backup of the site beforehand.

If you have a recent backup of the site you can restore, that may be the best place to start. From there, be sure to update all plugins, themes, and passwords, as mentioned above. If you do clean the site yourself, once the known files are removed or repaired, you should run a High Sensitivity scan via Wordfence > Scan > Scan Options and Scheduling, if you have not already.

Thanks,
Scott

Hello, For our surprise when I submitted a ticket to Liquidweb hosting rather ex-hosting provider support for a very simple FTP permission issue they fixed it by renaming the .htaccess file to .htaccess-bk and replacing with a basic initial WP .htaccess which did not have the .waf Wordfence code disabling Wordfence leaving the site open to attacks and indead that is what happened. liquidweb hosting has got to be the worst hosting company in the world…..Readers DO NOT HOST WITH LIQUIDWEB.COM

Thanks for the update, @captainrick2718

Sorry for the inconvenience.

As you mentiond, if the auto_prepend_file directive for the firewall optimization was in place in the .htaccess and the file were reverted or rebuilt without that directive, that would unfortunately remove the firewall optimization.

If you have any further questions, please feel free to reach out.

Thanks,
Scott