WordPress Hack that comes back

  • Resolved wasootch

    (@wasootch)


    3 years, 9 months ago

    Hello,
    I had a hack on a few of my sites, but not all of them, hosted on the same hosting company. The file installed was wp-content/plugins/plugs/plugs.php.

    I installed Wordfence and did the scan and it found the hack and deleted the file from the 3 sites effected. I checked my other sites and they were fine.

    It was fine for a while, but now it came back despite having Wordfence installed and it actually seems to have stopped the Wordfence scans to find it.

    I have deleted the files again with Wordfence, but I’m not sure how it is getting installed. I checked the common plugins and the only common ones are on all my sites rather than just on the 3 hacked ones.

    Does anyone know how this is getting in?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @wasootch

    If a reinfection keeps occurring then the same hacker, or even a different hacker, is very likely exploiting the same vulnerability because the intrusion vector hasn’t been patched yet.

    Please follow our site cleaning guide below:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thread Starter wasootch

    (@wasootch)

    Hummhhhh…. ok. I did do most of that to begin with. But I tried a couple of more things to see if it will help. Got rid of themes I’m not using. One site did have an old version of WordPress, but the others didn’t. So I’m not too sure.

    Plugin Support wfphil

    (@wfphil)

    Hi @wasootch

    Thank you for the update.

    The only advice we can give here in the forum is already fully included in our site cleaning guide.

    I recommend that you monitor your website closely over the next few weeks for any signs of a reinfection.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress Hack that comes back’ is closed to new replies.