landryd

I managed to fix it with the following (a solution for someone else’s unrelated Wordfence problem):

1. Exported Wordfence settings
2. Selected “Delete Wordfence tables and data on deactivation?”
3. Deactivated the Wordfence plugin
3. Uninstalled the Wordfence plugin
4. Installed the Wordfence plugin
5. Imported Wordfence settings

The new scan is running now!

Yes, I can see people hitting the URLs in the access_log. But I don’t see any place that says x.x.x.x was blocked for hitting that url.

I’ve tried blocking that… but again, I’m not sure how to see who has been blocked by this option.

Thanks for the reply Tim. I’m not using the username block, I’m using the URL block.

I’m not sure what the hack is… the pages seem to be general spam and are linked to from comments on other people’s WordPress installs. Unfortunately the folders keeps coming back and I haven’t been able to find what keeps recreating them (nor can wordfence). I’m scouring the database for a source now.

Does the pro version of your product have any mechanism to detect hacks that aren’t present in the free version?

It turns out the file was somehow re-owned to root. I’ve chown’d it to my web server user and the plugin was able to restore it.

Thanks for the help!