Suspicious files?
-
Hi all,
I helped someone cleaning their WordPress site. Is had been hacked and used to send spam. The WordPress version was outdated, so were the plugins and the theme. What is did was:
- Reinstall WordPress completely
- Reinstall all plugins
- Reinstall themes
- Update everything
- Install Wordfence
- Made some adjustments in the server settings. E.g. no more CHMOD 777 (don’t even bother to ask). Most files changed to 644 and uploads to 755
- Made adjustments in the htaccess, so no PHP files are allowed in the uploads map.
- Scanned all files with maleware scanners
- Deleted all user accounts including the mainadmin account. Created a new admin account with a strong login / pass combo.
- Deleted all unnecessairy plugins and content.
- Reset FTP account with strong login / pass
- Reset MySQL account with strong login / pass
- Anti spam plugin and server measurement for sendmail files.
- IP-block for certain countries.
- Etc. Etc.
I thought this would be safe, however, a few hours later Wordfence alerts me that two files have been changed. See this screenshot: http://screencast.com/t/rY3rY4iGnUO5
1. Should I be worried?
2. Is there anything else I can do?
Thanks in advance!
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Suspicious files?’ is closed to new replies.
