Title: mplugin.php admin_ips.txt monit.php Last modified: June 29, 2022 --- # mplugin.php admin_ips.txt monit.php * Resolved [obertscloud](https://wordpress.org/support/users/obertscloud/) * (@obertscloud) * [3 years, 11 months ago](https://wordpress.org/support/topic/mplugin-php-admin_ips-txt-monit-php/) * I work on several different wordpress sites, it seems all my customer accounts sites got hacked with these files. mplugin.php admin_ips.txt monit.php * I have cleaned up files, database and core files.. now I want to prevent it from happening. All themes are purchased as well as plugins also I use bulletproof security and wordfence, not sure how these files got there, but all clients use hostgator, will contact them also * can you help me prevent these files from showing up again? thanks Viewing 1 replies (of 1 total) * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [3 years, 11 months ago](https://wordpress.org/support/topic/mplugin-php-admin_ips-txt-monit-php/#post-15785403) * Hi [@obertscloud](https://wordpress.org/support/users/obertscloud/), sorry to hear you had a problem with malicious files. * Did the Wordfence scan ever offer you the opportunity to replace/repair the affected files? It’s worth checking our cleaning instructions anyway, just in case any steps were missed or there’s any interesting information you may not have known at the time: [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/) * You might find the WordPress Malware Removal section in our [free Learning Center](https://wordfence.com/learn/) helpful. * Aside from this, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. **Make sure to do this as the attack vector may have been a vulnerable area outside of WordPress, which Wordfence cannot prevent**. * There can be multiple attack vectors when a site is targeted that range from outdated plugins with an unpatched vulnerability to an insecure account on WordPress or within your hosting environment (database, cPanel, FTP etc.) It has even been known for another infected site on a shared hosting server to infect other sites hosted there: [https://www.wordfence.com/blog/2021/06/service-vulnerabilities-shared-hosting-symlink-security-issue-still-widely-exploited-on-unpatched-servers/](https://www.wordfence.com/blog/2021/06/service-vulnerabilities-shared-hosting-symlink-security-issue-still-widely-exploited-on-unpatched-servers/) * Thanks, * Peter. Viewing 1 replies (of 1 total) The topic ‘mplugin.php admin_ips.txt monit.php’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 1 reply * 2 participants * Last reply from: [wfpeter](https://wordpress.org/support/users/wfpeter/) * Last activity: [3 years, 11 months ago](https://wordpress.org/support/topic/mplugin-php-admin_ips-txt-monit-php/#post-15785403) * Status: resolved