Support » Plugin: Wordfence Security - Firewall & Malware Scan » Errors On My Site When Using WordFence

  • Resolved krambrose


    So I am pretty much screwed lol but I am trying to fix this.

    A few days ago I was contacted by host-gator and told that I was hacked and I had malicious content on 3 of my sites. I went and deleted those files and a buddy of mine cleaned up the mess on a few other issues.’ Host Gator would not help me and tried to extort me for money to BUY their SiteLock thing. Wouldn’t even give me any tips or any help at all. Just sort of left me hanging.

    Everything was fine for almost a week.

    Suddenly last night they contacted me again for 3 more sites and said I had malicious content on my sites, they needed to be removed and I needed to fix other issues NOT in their report. I had my buddy go in again and he says that there are over 100 scripted malware issues. Again. Host gator would not help, but they sure suggested SiteLock pretty quickly.

    Awesome. *sarcasm*. My buddy is in the process of getting rid of the malware manually but said it would take 5 days and I am freaking out because I am afraid this hacker is going to come and screw something else up between now and 5 days from now.

    Anyway. I heard really good things about WordFence, Sucuri and a few other plug ins. So I figured while my guy was doing what he could, I would do the same.

    I did the scan for Wordfence and they found a hacked file called wp-includes/kses.php. It would not let me delete or remove it from the WordFence program on WordPress so I just manually went in to find it in the code and removed it on my own. A bunch of jumbled text came up, so I re-pasted the removed malware text into the code, went back to Wordfence, refreshed my page and tried again. This time Wordfence let me remove it via their interface on WordPress. But…. then I refreshed the page again to do a re-scan and I got errors.

    You can see them if you visit my website:

    Warning: require(/home3/kristi77/public_html/ failed to open stream: No such file or directory in /home3/kristi77/public_html/ on line 194

    Fatal error: require(): Failed opening required ‘/home3/kristi77/public_html/’ (include_path=’.:/opt/php56/lib/php’) in /home3/kristi77/public_html/ on line 194

    I was wondering if anyone had any layman terms on how to fix this. Now I cannot even get to the Admin for WordPress lol.

    Also, is anyone aware of any CPANEL malware scanners?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @krambrose,

    It appears wp-settings.php file was tampered with to include a call to the malware file you mentioned, hence the error you’re getting.

    You will need to restore all original WordPress core files.

    At this stage I suggest you follow our site cleaning guide which will help you rid your site of the malicious content.

    Note that depending on the extend of the damages, you might need to resort to professional site cleaning services.



    wp-settings.php always includes kses.php. That is not an infection. It is standard WordPress and is done on all WordPress sites.

    The failure to load is because @krambrose manually deleted an essential WordPress file (kses.php), causing WordPress to be unable to boot up.

    To fix it so the site loads again, simply grab a clean copy of ‘kses.php’ from another site or from a downloaded, fresh, WordPress install archive, and put it back in the /wp-includes/ directory where it belongs. Then WordPress will start up again.

    Hi @krambrose,

    My mistake.

    The wp-includes/kses.php is indeed part of a standard WordPress installation.

    However it was probably modified and now contains malicious code hence Wordfence flagging it.

    You can choose to restore the original file from the scan report page or as already suggested, get a clean copy of the kses.php file and include it in your WordPress instance.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Errors On My Site When Using WordFence’ is closed to new replies.