• Resolved hotnuts21

    (@hotnuts21)


    A friends site is currently showing a white page on all pages. The Admin is not accessible and shows the source code of the admin index.php page.

    Having checked with the host the site has been compromised. Wordfence is installed and working, but obviously as we cant log into the admin we cannot access the plugin.

    I was wondering if there was a way to trigger the scan remotely? This way we could get the scan to run and let us know which files are problematic etc.

    Currently Im unable to FTP into the site as its blocked by our work firewall.

    Paul

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi Paul,

    I don’t think there is a way to make the scan work since you see the source of the index.php page — it sounds like the host has disabled php.

    We have a guide for cleaning hacked sites here, which does include some other methods you can use to find malicious files, until the site can be fixed enough that the host will let it run again:
    How to clean a hacked website

    If the host gives you a list of malicious files they found, you may be able to remove them (save copies in case they are modified versions of a real file) — if they’re part of WordPress, you may have to manually replace them with new copies from the wordpress.zip file from wordpress.org to get the site working again. If any are plugin files, usually you can remove the plugin’s entire folder, and just reinstall the plugin after the site is running again.

    If you have a recent backup of the site, it might also be easier to restore the site from the backup.

    -Matt R

    Thread Starter hotnuts21

    (@hotnuts21)

    Thanks for the response.

    The site had been hacked, some very well hidden scripts etc. Did a full comparison with a vanilla install to find the problems in the end so didnt run a scan.

    Just a thought, might be nice if there is a way to trigger the scan from outside of WP. So if you cant login or access the admin or site, the scan can still be triggered to at least possibly fix core files and get access back. Just a feature suggestion 🙂

    Plugin Author WFMattR

    (@wfmattr)

    Thanks for the suggestion. We’ll take a look and see if that might be possible in a future version, though in this case it sounds like the host (or some failure in the hack attempt) had changed the server configuration so that it wouldn’t be possible to run any PHP code to complete a scan, unfortunately.

    -Matt R

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Trigger a scan remotely or via url?’ is closed to new replies.