Title: Wordfence – malicious wflogs files
Last modified: December 12, 2016

---

# Wordfence – malicious wflogs files

 *  Resolved [Sash11](https://wordpress.org/support/users/sash11/)
 * (@sash11)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/)
 * I’d just like to ask, what to do with maliciuous (aparently) Worfence files? 
   It looks that all are located in wp-content/wflogs directory.
    I managed to delete
   malicious code from “rules.php” since it was at the top, before <php but I am
   afraid to do anything with the rest: ips, config, attack-data. I have same problems
   also on two subdomains.
 * I tried to reinstal Wordfence but the problem persist. Should I delete directory
   wflogs and again install wordfence?
 * Also, wordfence gave me positives on some Sucuri files too, also located in wp-
   content directory under sucuri. I deleted sucuri plugin and also those files,
   so no problem there. But just to clarify… is that possible that such plugin is
   hacked?
 * Thanks
    -  This topic was modified 9 years, 5 months ago by [Sash11](https://wordpress.org/support/users/sash11/).
      Reason: edited title

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Thread Starter [Sash11](https://wordpress.org/support/users/sash11/)
 * (@sash11)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8544255)
 * Here is the copy/paste
 * This file appears to be installed by a hacker to perform malicious activity. 
   If you know about this file you can choose to ignore it to exclude it from future
   scans. The text we found in this file that matches a known malicious file is:“
   explode(chr((198-154)),’5785,49,4594,30,5177,40,335,67,4968,24,4399,61,3676,56,4035,22,3550,35,1191,37,1807,65,4568,26,3208,20,5516,70,2887,31,”.
   The infection type is: Backdoor:PHP/eawtliul.
 *  [bluebearmedia](https://wordpress.org/support/users/bluebearmedia/)
 * (@bluebearmedia)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8544932)
 * Long time WF user here….
 * Have you checked this out: [How to Clean a Hacked WordPress Site using Wordfence](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
 *  Thread Starter [Sash11](https://wordpress.org/support/users/sash11/)
 * (@sash11)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8546485)
 * I did. I had a lot of files infected. Some of them were able to restore, some
   I cleaned manually. Now I am down to three files, all from wordfence directory.
   And I don’t know what to do with them.
    If noone can help, I’ll just delete directory
   and reinstal wordfence. Can’t do any harm to it, I guess
 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8548565)
 * Hi [@sash11](https://wordpress.org/support/users/sash11/)
    You can safely remove
   these files in “/wflogs” directory and this will reset the “Firewall” settings,
   then the folder will be created again by itself.
 * Thanks.
 *  Thread Starter [Sash11](https://wordpress.org/support/users/sash11/)
 * (@sash11)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8549039)
 * Thank you, wfalaa! Will do that.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Wordfence – malicious wflogs files’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [wflogs](https://wordpress.org/support/topic-tag/wflogs/)

 * 5 replies
 * 3 participants
 * Last reply from: [Sash11](https://wordpress.org/support/users/sash11/)
 * Last activity: [9 years, 5 months ago](https://wordpress.org/support/topic/malicious-wflogs-files/#post-8549039)
 * Status: resolved