• Resolved oneiroi17

    (@oneiroi17)


    Hey there! So I’ve been using Wordfence Security, the scans are great. However a few weeks back, my client contacted me saying that the website was redirecting somewhere dodgy. When I went in the backend to check, the plugin had been deactivated and some malware installed.

    I fixed the issue and decided to keep an eye on the plugins page. Suddenly today I found that the “Wordfence Security” plugin was missing, and in its place was one called just “wordfence” that stated it needed upgrading. I recognised this as being dodgy, so went into the full list of plugins instead, found “Wordfence Security”, upgraded it and when I went back to my plugins list the “wordfence” plugin was gone. The site had indeed already been infected with malware, so I ran a scan and cleaned it up.

    Somehow, something is deactivating my Wordfence Security plugin, which is obviously rather worrying. Any thoughts or advice?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Sounds like maybe your site was compromised at the web host/server level… you may want to contact your host to see what’s going on.

    Same thing happened to me on one of my sites. Received an email today that Wordfence had been deactivated on my site by me (my username) from Los Angeles (I’m not in Los Angeles). I immediately changed my password. But I see I have an inactive plugin called “wordfence” lowercase that needs upgrading. So I will just delete that. Have not seen any other signs of hacking or malware (yet). It is not an important website, but I guess I may have to do some work restoring from a backup this weekend.

    Hi @amyritterbusch and @oneiroi17

    If you have the Jetpack plugin installed, then your WordPress.com credentials might be exposed in a data breach somewhere, and attackers used this data to log in to your WordPress.com account and disabled plugins from there. I highly recommend changing your WordPress.com password and enabling 2FA as well, following this guide:
    https://en.support.wordpress.com/security/two-step-authentication/

    More details about that can be found here:
    https://www.wordfence.com/blog/2018/05/wordpress-com-jetpack-infection/

    Thanks.

    Thread Starter oneiroi17

    (@oneiroi17)

    @wfalaa a very useful response, thank you! My website is hosted elsewhere, but is indeed connected to my .com account via Jetpack. I have changed both passwords and installed 2FA on both. Hopefully that will be the end of it!

    Going to leave this as “unresolved” for a little while until I think that it’s definitely dealt with (last two attacks were roughly a week apart, so should be able to guess soon enough). Thanks again!

    I’ve had this happen to one of my sites too. I’m on my second round of cleanups. I do have Jetpack installed. I’m going to try Sucuri. I’m going to reinstall all of the plugins & enable 2FA.

    Thread Starter oneiroi17

    (@oneiroi17)

    I changed my passwords, though have had trouble with 2fa. Shortly after posting before though, I had a look at Jetpack and realised that all the things I was getting from it were things I had dedicated plugins to do anyway, so I unlinked my website from WP.com and removed the Jetpack plugin. I’ve not had the same issue since, so it looks like that was it! Thanks @wfalaa, will mark this as resolved now.

    Good luck with your issues too @nomadcoder
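The symptom reported at the top of this thread (an entry named just “wordfence” showing where “Wordfence Security” was expected) can be checked for on disk by comparing each plugin folder's `Plugin Name:` header with a trusted baseline. The script below is an added example, not part of the original thread or Wordfence's own code; the baseline, the folder names and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress takes plugin metadata from a comment header in the first 8 KiB of a PHP file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:(.*)$", re.MULTILINE | re.IGNORECASE)

def read_plugin_name(php_file):
    """Return the 'Plugin Name' header of a PHP file, or None if it has none."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192).replace(b"\r", b"\n")
    m = HEADER_RE.search(head)
    return m.group(1).decode("utf-8", "replace").strip(" \t*/") if m else None

def inventory(plugins_dir):
    """Map each plugin folder (slug) to the sorted plugin names declared inside it."""
    found = {}
    for folder in sorted(Path(plugins_dir).iterdir()):
        if folder.is_dir():
            names = {read_plugin_name(f) for f in folder.glob("*.php")}
            found[folder.name] = sorted(n for n in names if n)
    return found

def audit(plugins_dir, baseline):
    """Compare the on-disk inventory with a trusted baseline {slug: plugin name}."""
    findings = []
    found = inventory(plugins_dir)
    for slug, expected in baseline.items():
        if slug not in found:
            findings.append(("missing", slug, expected))
        elif found[slug] != [expected]:
            findings.append(("name-mismatch", slug, ", ".join(found[slug]) or "(no header)"))
    for slug in found.keys() - baseline.keys():
        findings.append(("unexpected", slug, ", ".join(found[slug]) or "(no header)"))
    return sorted(findings)

def demo():
    """Constructed tree: an altered header, an intact plugin, and an unknown folder."""
    baseline = {"wordfence": "Wordfence Security", "example-forms": "Example Forms",
                "example-backup": "Example Backup"}  # constructed baseline
    tree = [("wordfence", "wordfence"), ("example-forms", "Example Forms"), ("example-unknown", "Unknown Helper")]
    with tempfile.TemporaryDirectory() as tmp:
        for slug, name in tree:
            d = Path(tmp, slug)
            d.mkdir()
            (d / f"{slug}.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n */\n")
        return audit(tmp, baseline)

if __name__ == "__main__":
    for kind, slug, detail in demo():
        print(f"{kind:14} {slug:16} {detail}")
```

Pointed at a real `wp-content/plugins` directory with a baseline recorded while the site was known to be clean, any finding is a reason to review the admin login history and replace the affected plugin from a fresh download.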

  • The topic ‘Wordfence deactivated and replaced?’ is closed to new replies.