joaka2316's Replies | WordPress.org

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Admin user with the username deleted-l9N2CQti was created outside of WordPress

Thread Starter joaka2316
(@joaka2316)

2 years, 6 months ago

I have now sent the diagnostic report.

PS. I was alerted that yet another deleted-XXXXXXXX admin account had been created on my site a few days ago, followed by a successful log in. No suspicious looking files were found during the scan this time, though.

Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] wordfence.php removed during website attack?

Thread Starter joaka2316
(@joaka2316)

2 years, 7 months ago

Thank you for your response. I understand it’s possible for you to only speculate about how an attack could have been carried out.

What I don’t understand though, is how the single file wordfence.php could be removed without accessing the server itself. If an admin account was created somehow and managed to log in, wouldn’t it have been possible to just deactivate the plugin itself through the admin area?

So that’s my core concern and question I guess. If wordfence.php can be deleted through a vulnerability somewhere, resulting in the firewall being deactivated, how can I ever rely on the firewall protecting the site? Could it actually be that the file was deleted through a plugin or theme, or am I missing something that I should really inquire my hosting provider about?

Viewing 2 replies - 1 through 2 (of 2 total)