![]() This reply was modified 2 years, 4 months ago by emilenaim. Took a while, but if you don’t want to pay $$$ to get someone to do it, put in the hours So far so good, its been 2 days and no sign of the malware. Scanned each site with Wordfence (including images and all folders… result was clear)Ĭhanged Admin User and password for all sites (after restore)īacked up the new sites with Updraftplus then deleted the plugin Installed Updraftplus (yes, I know, had to be done) Installed Wordfence and hardened the website Set up new databases and new users for each site I checked my ftp accounts on the hosting site and found around 20 FTP accounts I did not recognise.ĭeleted all ftp accounts I did not recogniseĬhanged passwords on FTP accounts I did recognise. I had UpdraftPlus plugin to backup the site automatically to the root of the server, meaning I had to use ftp login details. Update on this, database restore did not help. The matched text in this file is: class WPPluginsOptionsĪnd on and on, the file size is 57,037 bytes. If you can not find it, it’s better contact your hosting provider. The php.ini file can be found in /user/local/bin/, /etc/php5/ or depending on the host provider. At the end of the php.ini file, add below lines of codes. For this scenario you should also connect via FTP or log in to the CPanel of your hosting provider. If you know about this file you can choose to ignore it to exclude it from future scans. Increasing Max Input Vars in php.ini File. I do manage to get some info from wordfence:ĭetails: This file appears to be installed or modified by a hacker to perform malicious activity. There are thousands of files!! I can delete them via ftp but I need to dig deeper to find where the instructions to add them lies as well as how wordfence is being stopped from saving my options.Īll my blank index.php files are also altered and instead of having “nothing here” in the files, there is more code. The option in Wordfence to include the plugin and theme folders in the scan are turned off automatically, every time I turn them on and save, they revert to OFF. (themename).php file added and every plugin the same with a file “.(pluginname).php”, every wordpress site on the same server is now infected the same way, every time I delete the files, they come back. My site is infected with malware and almost every folder on the site has had a file named.
0 Comments
Leave a Reply. |