WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Pharma Hack Completely Removes Wordfence (4 posts)

  1. Bradford
    Member
    Posted 2 years ago #

    My site has been pharma hacked and while wordfence does a great job of finding suspicious files, eventually the plugin is either disabled or completely removed! I suspect it's the pharma hack. Has anyone else experienced this?

    http://wordpress.org/extend/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 2 years ago #

    We haven't seen this before. Are the Wordfence files actually deleted by malicious code? Can you email me a sample of the code that does this? mark@wordfence.com

    Thanks.

    Mark.

  3. Bradford
    Member
    Posted 2 years ago #

    I blogged about it here. I tried posting the contents of the files here but WordPress didn't allow it. I've included the files in a .docx file (wordpress.com doesn't allow .zip uploads) at the end of my blog post. Note, class-sftp.php made Microsft Security Essentials freak out with a "Backdoor:PHP/WebShell.A" alert and removed it.

    I'm not sure if any of the plugins were part of the problem, I doubt it, but I don't know. The blog post describes what I did to clean it up.

  4. Wordfence
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for the info.

    Regards,

    Mark.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic