Malware gets past Wordfence

Hello,

I host about 25 sites for some of my clients. Over the past few months I’m continuously noticing how many of these sites are breached even with, what I believe to be, very good Wordfence settings.

Malicious files are still being uploaded to various folders, malicious code is found in core files, etc. Examples I remember seeing in the results have a lot of “global” “X53” type code, arbitary named favicon files, arbitary named php files with malicious code, etc

I realise that Wordfence can’t possibly block everything out there, but the prevalence across multiple websites is of concern when there are so many similarities between the infections/breaches.

I hoped that Wordfence took into account all the detections and “Repairs” that were carried out by Wordfence (across the world) to prevent further infections, but this doesn’t seem to be the case.

Are other people also finding their Wordfence installation is not able to stop these intrusions?

Thank you for your comments and responses.