Jelena

Hi,

Sorry to hear about the troubles you are having.

Shield will alert you when files get modified or new files are added (not part of your original core, plugin, theme installation files) and can keep repairing modified files automatically for you to ensure that it doesn’t contain any malicious code any longer.

We go into the all details in the Shield’s scans guide here.
(Malware, and Vulnerabilities scans are available for premium members only)

Please note that, due to the conditions set on the www.ads-software.com forums, we can’t discuss premium options here. But you can get quick help and advice from the Shield community by joining our Facebook group here. Or, contact us directly here.

So Shield can help but to stop malware from recurring, you’ll need to find the source of the problem. Malicious code can get in even on the server-side. Or, maybe this malvertising is in your theme files, e.g., ‘footer.php’ (just guessing).

Security, unfortunately, is an ongoing process and requires us to audit our sites regularly and to pay close attention to alerts sent from Shield. Shield will identify the issues as they arise and provide the mechanism to lock down a site and keep it as secure as possible, but often it can require more in-depth investigation to resolve the issue.

If you’ve removed this malware from your WordPress site but it keeps reappearing, it indicates that there might be an underlying issue or vulnerability that needs to be addressed. You’ll need to identify the source of reinfection and how this malware gets in.

Dealing with recurring infections can be challenging but it’s not impossible to do so. Here are some steps we highly recommend you to take to address the issue:

Security Audit: https://getshieldsecurity.com/blog/run-wordpress-security-audit/
27 Vulnerabilities: https://getshieldsecurity.com/blog/wordpress-security-vulnerabilities/

I understand there’s quite a bit to go through, but please follow the guides above one step at a time.

Jelena

Just a quick update for anyone who might experience the same issue:
it was a corrupted .htaccess file from another source and it’s always good to test temporarily removing your .htaccess files when you’re experiencing critical errors to eliminate it as a source of the problem.

@shivasirons , thanks again for reporting back. ??

Hi,

We are sorry but, by the terms of this forum, we can’t offer support for our premium members through this channel.

We opened a support ticket for you (#5462). Email is sent to your purchase email address. Please respond when you get a chance.

Thanks in advance and sorry for the troubles.

Jelena

Hi David,

Thanks so much for reporting back. We appreciate the update.

Regards,

Jelena

Hi,

Sorry to hear that.

You can try reinstalling the Shield plugin and see if the error persists.

Make sure you’re running the latest Shield v20.0.6.

Thanks,

Jelena

Okay, that’s good to hear. ??

Please also update Shield to the latest v20.0.5 released today.

We faced a server problem overnight and It’s already been addressed. This was a combination of a couple of different factors that combined to cause this.

We’ll be reviewing other points of failure as a priority early in the week to eliminate anything like this happening again.

Regards,

Jelena

Hi,

Thanks for reporting this.

May I ask you to test this once more and let us know how it works now, please?

Thanks.

Hi Ed,

Please open up your browser’s developer tools – web Console (usually accessible by pressing F12) and click the gear icon. Then, review Console. You may see errors there. This suggests something is going wrong with the request and there are errors being generated for some reason.

Let us know what you find.

Thanks.

Hi,

Can you go to the main Config menu > Activity Log > Log To DB, and review the logging levels you have selected there, please? Make sure that the activity logging settings in Shield are properly configured to log all necessary activities you need. We have a guide on this here.

Also, do you use page cache? If yes, ensure that your caching plugin/or system isn’t caching important pages like the product page, cart, and checkout.

Okay, great! Happy to hear that you managed to sort it out.

Cheers!

Hi,

Firstly, many thanks for upgrading your review. Much appreciated.

Here is a small clarification on the auto block expiration timeout you may find helpful:

If the blocked IP accesses your site within 24hrs period of time, we update the last access time and the 24hrs counter resets and starts again from zero. If they come back and try to access the site again, they’ll get blocked. Again. This ensures that a given visitor stays blocked.

They must wait 24hrs before trying to access the site again. Once an IP address entry has expired and that IP hasn’t attempted to access the site again within the 24hrs timeout period, the daily WordPress Cron will clean it out from the table and IP will be unblocked.

We suggest decreasing the timeout to 1hour while you are testing.

The reason it probably didn’t work before was because of the “High Reputation Bypass” setting (detailed here) that prevents high reputation IPs from being blocked. So, this option prevents your legit site visitors with a high Reputation Scores from being blocked.

Imagine it this way: Shield will monitor everything your IP does, and it’ll mark offenses against it. Once the IP has accumulated enough offenses and it’s about to block your IP address, it’ll lookup your Bot Reputation Score and if it’s high enough, you wont be blocked.

If you’ve got any thoughts or questions, feel free to leave a WordPress forum topic for us. It’s a much easier to all of us to chat and sort things out there than in the review section.

We also highly appreciate any bug reports. If you spot it, please share it on forum or reach out to us directly any time and we’d be happy to work on it with you.

Regards and thanks for using Shield. ??

Jelena

Hi,

You can try disabling User Session Lock options?detailed here.

Let us know how that works for you.

Thanks,

Jelena

Hi,

Sorry to hear about the troubles you are having with this.

Can you re-enable Shield, reproduce the problem and then:

Check the Activity Log detailed here… are there any notices coming up in there about blocks? Once you have this, then we can help out with what might need to be adjusted.

The Activity Log is the best place to look first for anything being blocked as it’ll tell you precisely what’s happening.

Let us know what you find in there.

Thanks,

Jelena

Hi,

Yes, this option is still there (under the Firewall > Firewall Response).

Can you check your Activity Log to see if there were any Firewall block logs in there, please? You can filter by “Firewall Block” events.

If there are such events and you have firewall email alert option enabled but you are not getting these emails, than the problem is likely with email delivery.

Unfortunately, this is a common issue we see very day…

Shield wouldn’t affect the sending/receiving of emails. Whether or not emails gets send from your site are entirely out of Shield’s control and sending is never interrupted by Shield. It’s important to take full control of email sending on a WordPress and not rely on WordPress itself to send emails via your web server.
Please review your email provider settings and ensure that it’s configured properly.

Some email providers have gotten more strict with their email delivery you should know about:
https://convertkit.com/resources/blog/new-google-yahoo-email-rules-2024

Hope you find this helpful in some way.

Jelena

No problem, happy to help. ??