Hacked wordpress website, hacked again the day after showing as clean with wordfence.

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › IT Pro and developers › Hacked wordpress website, hacked again the day after showing as clean with wordfence.

1 | 2 | 3

mattwnz

20155 posts

Uber Geek

#1736405 14-Mar-2017 16:37

amanzi:

With martyyn's help, I had a look at this site. As I suspected there was malware hidden in a temp directory. For those interested, here's the idenitification of one of the malware files: https://www.virustotal.com/en/file/6704ee4feec361c4cf382b637313b74e5ea20e800536d4d59497ec8df004ec66/analysis/1489454473/

Though there are other valid reasons for moving away from this hosting provider, this particular malware was almost certainly installed due to an out of date Wordpress version, and so it's not directly the hosting provider's fault.

Must have been a really old version as older versions get automated updates still. But this is part of the problem with these types of website, they get setup, but updates aren't budgeted for. Many can be updated automatically without any problems, but often things can break after updates, such as themes, plugins etc, which can involved work. So often it is best to do an update on a development server first before applying it to the live site.

martyyn

1971 posts

Uber Geek

ID Verified

#1736408 14-Mar-2017 16:39

As amanzi has said, this issue is more than likely with outdated plugins. The php files I found this morning were in a directory used by a plugin which (I believe) had been removed in 2014. Why the directory was still there I don't know. There were originally 28 plugins, I cut that down to 15 yesterday and could probably remove another 5-6 being fairly confident they aren't being used.

A fresh pair of eyes certainly helped this afternoon, thanks amanzi :)

1 | 2 | 3

News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds: Main feed; Forums feed

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Affiliate links: Samsung; AliExpress; Wise; Sharesies; GoodSync

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright