achadwick454

Over two weeks and still no reply over at the WordFence forum. Disappointing.

My website has been hacked again. I guess I need a lot of help.

wslade, I posted over on the WordFence forums but no reply after more than a day. 🙁

kmessinger,

I asked my hosting service about the Sucuri scan and got the reply posted below. They want more money. Is this typical?

================================
We could see that the Sucuri Scan of your domain “jdcproducts.net” hosted in our shared server “xxx.xxxxxxxxxx.com” shows both the cPanel and Web Server Apache as outdated one.

Please note that your account “jdcproducts.net” is currently hosted on a shared server and there are many legacy packages installed on our shared servers. Any update may break such installations. This may in-turn cause service disruption. We can only update any dependency packages after rigorous testing from our end. We do not normally upgrade packages on shared server.

Please note that, it is not possible to make server wide changes/updates in a shared server because any changes/update made will affect the other accounts hosted on the server.

There are two options for you to get rid of the vulnerabilities mentioned in Sucuri.

====
1. You can move your account to our new cPanel server “xxxx.xxxx.com” which is patched with latest updated softwares and applications. If you wish to move the website contents to the new server, we will create a new account in the server and will provide you the login details and you have to migrate the contents to the new server.

OR

2. You can move to a VPS plan. VPS Hosting allows for custom configurations and installations, because it gives you full root access to the virtual server. This is feasible because you are the sole owner of the VPS. Also, it has better security to count on because of its self-dependency. That is because every virtual server uses its own resources and OS, it can be rebooted and configured absolutely independently from the other virtual machines and it’s not affected by other users’ actions. Self-dependency makes VPS Hosting more secure than shared web hosting. Please refer the following URL for more details on the VPS plans available.

wslade, I did read your post and followed your instructions last night but got the same error message when I set the max time to 240 seconds except fewer files were scanned. I then tried different times and got the following:
10 seconds scanned 123,800 files
15 seconds scanned 164,300 files
default seconds scanned 104,800 files
60 seconds scanned 47,800 files
240 seconds scanned 49,600 files.

I have not yet been able to complete a scan. Everytime I scanned I got pthe same thing in the New Issues area called “Bulk Operation” I then clicked on the “select all repairable files” and nothing happened. After clicking on the “select all repairable files” button I then clicked on “Bulk Repair Selected Files” but got the following error message:

No files were selected

You need to select files to perform a bulk operation. There is a checkbox in each issue that lets you select that file. You can then select a bulk operation and hit the button to perform that bulk operation.

I got exactly the same result by clicking on the “select all deletable files” and the “bulk delete selected files” buttons. Nothing happened except I got the error message in the pop-up box.

What else should I try to complete a scan and be able to fix the problems?

No cache plugin running. I don’t even use the blog functionality since I use my website only for product sales. I’ll get back to this issue this evening. I’ve got to attend to my day job now. Thanks for your help!

I just installed Wordfence and it’s scanning for the first time. Do I need a p[aid version of Wordfence or will the free version suffice?

There are only two users in the wp_users table, the same ones that are listed in my users list in wordpress, but there are is bunch of stuff in the wp_usermeta table that I don’t recognize.