• Hi – Our client’s server-level firewall protection was triggered by a malicious attempted PHP malware injection. While this was caught by server software, my question is why did Wordfence not detect it at the WordPress level? No alerts were sent or showing on the dashboard.

    Question: We have the free version of Wordfence installed, so what settings would you recommend to combat this (see details below), and if you recommend a paid plan… what level?

    DETAILS

    • At 2026-06-24 06:26:18 UTC, the server received an external POST request to:
      • POST /wp-admin/admin-ajax.php HTTP/1.1
      • source IP: 124.164.186.54
      • host/vhost: [ Link moved to link field where it belongs ]
      • HTTP response: 403 (request rejected)
    • During processing of that request, PHP temporarily wrote the uploaded content to:
      • /tmp/php9QQNai
      • Microsoft Defender for Endpoint detected the file as Backdoor:PHP/ReplmentStrshl.A!dha at write time.
    • Defender telemetry indicates the file was not executing when detected, and the file was removed immediately afterward.


Viewing 1 replies (of 1 total)
  • I had a similar issue where a new post was inserted within the post section of my website, stating variations of the message “open channels”, “backtalk on Support”, “bridging, education, and industry in WordPress ecosystem”, “decision-making, reputation and risk”, “can’t depend on charity”. There were no Wordfence notifications, and I did run another scan, but nothing showed up. There were no other new users.
