File appears to be malicious: magefix-db.php

One thing you can do is if WF lets you take a look at the file, take a look through the code and see if you see something that says base_64 with a load of gibberish behind it. 99.9% of the time I’ve found that it’s malicious.

If you can confirm this, check your server logs to see when this file was created. If it originated around the time of your website’s creation, try to restore from a backup – chances are the file may be necessary for proper functionality to the website but it was modified. While you could attempt to remove the malicious code, it may cause functionality problems on the site. If you can see that the file was created very recently, it may be a good idea to make a quick backup for testing and delete the file completely. If everything is working, good chance you’re in the clear.

Just make sure you swap out passwords for things just in case, though. Good practice as soon as something pings as malicious.

Hi @photocoen,

Could you please forward the alert email you received to yann[at]wordfence[dot]com so I can make sure it’s a genuine Wordfence email?

I also highly recommend you check with your hosting provider if that file was related to a product/feature they installed (and maybe subsequently removed).

Hello!

I hope we were successful in helping you resolve your issue with Wordfence! Since we have not heard back from you in the past 2 weeks I will now be marking this support thread as resolved. However, if we still haven’t resolved your issue please reach out to us as we would be more than happy to further assist you!

Thanks and have a great day!
Chloe