Hi @arcaswebdesign, thanks for reaching out.
Wordfence can clean malicious code from sites when installed after a security incident, but bear in mind its primary function is to stand guard and protect from malicious actors in real-time. Our detailed site cleaning instructions show steps that Wordfence is suitable for, but also more general steps that may need to be taken on the site/server to prevent the threat from coming back:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
As a Web Application Firewall, Wordfence (when in “Extended Protection” mode) runs on a website immediately after PHP starts but before the rest of WordPress and its plugins load. This is to make the attack surface as small as possible and make IP blocks as early as possible. Some malicious code can stem from improperly protected FTP, database, or hosting control panel credentials which would bypass Wordfence loading in a browser altogether.
Wordfence protects against a huge quantity of older and emerging threats, but the constantly evolving nature of this industry means customers sometimes see them packaged in a way we haven’t seen before. Our researchers are always happy to look into them for free via samples @ wordfence . com and provide feedback.
Our Care product involves expert human interaction to properly clean malware, provide a full report after the process, and ensure Wordfence is properly installed and optimized for the environment it’s running on going forward.
We can’t really discuss our paid product levels in more detail here due to wordpress.org forum rules, but our team at presales @ wordfence . com can answer any supplementary questions you have about the process if you can’t find the details on our Care page.
Many thanks,
Peter.
Thanks Peter, have followed up as suggested.
Thanks @arcaswebdesign, we appreciate you getting in touch.
Peter.
