Title: [Plugin: Exploit Scanner] FYI – Pharma attack removes plugin
Last modified: August 19, 2016

---

# [Plugin: Exploit Scanner] FYI – Pharma attack removes plugin

 *  [cadfile](https://wordpress.org/support/users/cadfile/)
 * (@cadfile)
 * [15 years, 2 months ago](https://wordpress.org/support/topic/plugin-exploit-scanner-fyi-pharma-attack-removes-plugin/)
 * Here is a nifty thing. I am getting attacked on a regular basis with the Pharma
   hack and one thing it does is add their malware file AND remove the main
   exploit-scanner php file – deletes it.
 * I have WP-File Monitor active and caught it so I just delete the bad file and
   delete and reinstall the plugin manually.
 * Auto update refuses to reinstall it since the folder still exists.
 * The Pharma attacks are really ticking me off as I’ve followed all the various
   security tips and the hackers just injected a new file and removed another.
   *sigh*
 * [http://wordpress.org/extend/plugins/exploit-scanner/](http://wordpress.org/extend/plugins/exploit-scanner/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [Jon Cave](https://wordpress.org/support/users/duck_/)
 * (@duck_)
 * [15 years, 2 months ago](https://wordpress.org/support/topic/plugin-exploit-scanner-fyi-pharma-attack-removes-plugin/#post-2003288)
 * Ha! I’m not surprised and there’s not much that can be done by the plugin, but
   thanks for the information.
 * To do a full clean up I would advise you to wipe all the files from the system
   and do a full reinstall (backup all database and files first in case something
   goes wrong). Also, ensure that you change **all** of the passwords associated
   with WordPress and the hosting account (e.g. MySQL, FTP, cPanel, etc.) — to be
   extra paranoid I would change passwords before deleting everything and reinstalling
   and then again afterwards. If it’s still able to come back then you should talk
   to your host as it’s probably lax security configuration on their part rather
   than a hidden backdoor script or compromised password.

The topic ‘[Plugin: Exploit Scanner] FYI – Pharma attack removes plugin’ is closed
to new replies.

 * 1 reply
 * 2 participants
 * Last reply from: [Jon Cave](https://wordpress.org/support/users/duck_/)
 * Last activity: [15 years, 2 months ago](https://wordpress.org/support/topic/plugin-exploit-scanner-fyi-pharma-attack-removes-plugin/#post-2003288)
 * Status: not resolved