Site was hacked with WF premium installed | WordPress.org

Resolved lzr0
(@lzr0)

2 years, 9 months ago
Hi,
My WordPress site was hacked again, this time while WF premium was installed and active, and all four firewall options show 100%.
The .htaccess file had these malicious code inserted:
```
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (bing|google|yahoo|msn|aol) [NC,OR]
RewriteCond %{HTTP_REFERER} (yahoo|bing|google|msn|aol)
RewriteCond %{HTTP_HOST} generatorsforhomeuse\.us
RewriteRule . cache.php [L,S=10000]
```
How to explain this? Is it possible some dormant file remained from previously cleaned hack that can edits htaccess undetected by WF? After previous hack I cleaned htaccess file and deleted all deletable files found by scan. There are still the following lines from WF:
```
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>
```
I use PHP5.6.27 WP5.7.2
- This topic was modified 2 years, 9 months ago by lzr0.

Viewing 1 replies (of 1 total)

Plugin Support wfphil
(@wfphil)

2 years, 9 months ago

Hi @lzr0

As you have a premium license key then please open a premium support ticket below:

https://support.wordfence.com

Viewing 1 replies (of 1 total)

The topic ‘Site was hacked with WF premium installed’ is closed to new replies.

Tags

hacked

In: Plugins
1 reply
2 participants
Last reply from: wfphil
Last activity: 2 years, 9 months ago
Status: resolved