countless-factory | WordPress.org

Resolved majaid
(@majaid)

5 months, 4 weeks ago

I have recently been noticing a lot of websites being infected with a plugin that is installed in the plugins folder named: countless-factory. This plugin does NOT show in the list of plugins. Checking the Wordfence Firewall, I am seeing legitimate Admin users logging in but from locations that are not regular locations. This seems to have started on 30 September. Cleaning it with Wordfence breaks the site as some files are left behind in the folder. I must have cleaned over 100 sites in the last week or so. Enforcing 2FA for administrators seems to stop the incursions.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Support wfphil
(@wfphil)

5 months, 3 weeks ago

Hi @majaid

To prevent breaking sites when cleaning them please follow our guide below:

https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

Please feel free to send a copy of the plugin to samples [at] wordfence [dot] com.

Thread Starter majaid
(@majaid)

5 months, 3 weeks ago

Google won’t allow me to send the plugin ZIP file as it flags it as containing malware.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

2 replies
2 participants
Last reply from: majaid
Last activity: 5 months, 3 weeks ago
Status: resolved