Website hacked, Wordfence disabled?

  • Resolved loongy

    (@loongy)


    1 year, 11 months ago

    Previous Admin person has installed free Wordfence.
    After the site has been hacked, I assumed that Wordfence has either been disabled or uninstalled by the hacker.
    I tried to install Wordfence again but came up with an error message:
    “Installation failed: Destination folder already exists”

    Appreciate your kind assistance.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • WFSupport

    (@wfsupport)

    1 year, 11 months ago

    Thanks for reaching out.

    That error means that it’s likely the wordfence folder exists in the wp-content/plugins directory but that it doesn’t contain all the files it should or some of them are corrupted. This can happen if an automatic update failed so if this is the only reason you think the site was compromised I’d try the steps below to get Wordfence working first. I’ll include some helpful cleaning tips after but it even if this is the only indication you have of being compromised it might be prudent to follow them just to be on the safe side.

    Getting Wordfence installed again:

    • Log in to your site via FTP/SSH or any file browser your web host may provide.
    • Locate the folder “wordfence” in /wp-content/plugins
    • Delete the Wordfence folder

      • In your WordPress admin area go to the Plugins > Add New page and search for, then install and activate Wordfence

    Your settings should still be there when you reinstall the plugin unless you had checked the option to “Delete Wordfence tables and data on deactivation” on the Wordfence > Dashboard > Global Options page on your site in the General Wordfence Options section.

    Cleaning the site:

    There is a guide available here that can help walk you through the process of cleaning your website using Wordfence.

    Make sure and get all your plugins and themes updated and update WordPress core too. If you are on an older branch (WordPress 4.x etc) because you wanted to wait before installing the latest version because of Gutenberg or a custom theme compatibility you still need the latest update in that version. Those can be found here:
    https://wordpress.org/download/releases/
    WordPress sometimes even patches their older releases if a vulnerability that was found so make sure to update your version if needed.

    As a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.

    If you are unable to clean this on your own there are paid services that will do it for you. Wordfence offers such a service for this. Regardless if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

    I hope this helps.

    Tim

    Thread Starter loongy

    (@loongy)

    1 year, 11 months ago

    Thank you Tim for your kind assistance.
    I’ll give it a go.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Website hacked, Wordfence disabled?’ is closed to new replies.