Malware injection on site

Resolved iquk
(@iquk)

11 years, 4 months ago

Hi,

my site imranqureshi.co.uk has a single url injected into the top left of the screen.

Please can you advise:
1. The best and easiest way to remove this
2. Prevent this from happening in future.

Thanks.

Viewing 11 replies - 1 through 11 (of 11 total)

Vincent Verloop
(@vverloop)

11 years, 4 months ago

You can install Wordfence Plugin for WordPress. And scan for Malware.
Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

11 years, 4 months ago
You need to start working your way through these resources:
Additional Resources:
Thread Starter iquk
(@iquk)

11 years, 4 months ago

I scanned with wordfence and it picked up functions.php as a malicious file not part of wordpress. I deleted all found files but the link is still there?

Some of my pages are now not formatted properly due to me deleting function.php do i need to re-upload this file?

WPyogi
(@wpyogi)

11 years, 4 months ago

You need to go through all of the resources Andrew posted – to ensure it’s cleaned up completely and secured. Otherwise, the hack will most likely reoccur.

WPyogi
(@wpyogi)

11 years, 4 months ago

And yes, you should generally install new copies of your theme and WP Core.

Vincent Verloop
(@vverloop)

11 years, 4 months ago

Beware of false positives Do not delete everything you see in Wordfence, if you are not sure if it is malware…
Please read also the resources. And always make a backup before you delete the file.

Thread Starter iquk
(@iquk)

11 years, 4 months ago

I had updates do to on the themes. After updating this looks like it is fixed.
Thanks for your support

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

11 years, 4 months ago

Hopefully the hack is fixed and you haven’t just removed the symptom of it.

Thread Starter iquk
(@iquk)

11 years, 3 months ago

Since installing wordfence i do not have any malware on the site but i am getting this email every day.
Is there anything i can do about this or just ignore it?

This email was sent from your website “Imran Qureshi” by the Wordfence plugin at Thursday 12th of February 2015 at 07:20:13 PM
The Wordfence administrative URL for this site is: http://www.imranqureshi.co.uk/wp-admin/admin.php?page=Wordfence

A user with IP address 183.207.228.51 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘admin’
User IP: 183.207.228.51
User hostname: cache.IDC.js.chinamobile.com

Vincent Verloop
(@vverloop)

11 years, 3 months ago

The ip-adress is locked out, which is OK.

In the Wordfence config, you can set the lockout period higher for login failures. So the ip address gets blocked for more hours or days.
Check the profiles for high security setting.

Another way is to enable Two-Factor Authentication with Clef wordpress plugin.

Thread Starter iquk
(@iquk)

11 years, 3 months ago

There are quite a few options i changed lockout from 20 to 4 and also manually blocked the ip itself so should fix issue now, thanks.

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Malware injection on site’ is closed to new replies.

Malware injection on site

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics