My Site's been hacked!

[YUCATAN.DANCE]

Hey everyone, recently i've found some issues which is redirect issue and my WP index.php files got autometically modified and there are some some .php codes inserted.
I've scanned and fixed it with Wordfence but it got infected over and over.
how to prevent infection from happening again????

 

[jpond262176]

What files were infected? It's obv a plugin causing it. Reset all passwords with high level access and revert all files. You will need to see which file is causing back doors.

 

[YUCATAN.DANCE]

What files were infected? It's obv a plugin causing it. Reset all passwords with high level access and revert all files. You will need to see which file is causing back doors.

in root folder Index.php were modified.
how can i check which file is causing backdoors ??

 

[jpond262176]

in root folder Index.php were modified.
how can i check which file is causing backdoors ??

Revert all files back to original, check all addons that you have installed nulled.

 

[YUCATAN.DANCE]

Revert all files back to original, check all addons that you have installed nulled.

all my themes and plugins are nulled

 

[jpond262176]

all my themes and plugins are nulled

Then good luck. This can happen when using nulled plugins and themes. Depends where you got them all from.

 

[foster]

try with imunify AV

 

[YUCATAN.DANCE]

Then good luck. This can happen when using nulled plugins and themes. Depends where you got them all from.

all are downloaded from here

 

[monkeyman76]

I had this last month, it writes to an about.php, and the .htaccess file stays in the server's memory so you have to constantly delete the file sit rewrites, and flush the memory, it cost me two weeks of constantly fixing, lost revenue and I lost 2 clients. I eventually paid for Securri and they sorted it out. My advice is on Black Friday and Cyber Monday see what plugins you can get for cheap and start buying them if you can, nulled plugins can have malware in them, I only use them as demos so I stop wasting money on plugins that don't work

 

[Custom B]

Lesson learnedOnly use

Why? They get checked as long as people don't upload them to a 3rd party and spread nulled issues that way.

I'm just kidding?!..anyways rule of thumb is nulled for staging/testing and ffs buy your themes and plugins for production..if one can not afford to buy, then use the free versions

 

[foster]

i'm using all theme and plugin nulled, and get attacked by malware, and fix it with imunify360
this is my latest scan malware like 21331 malware fist scan

 

[YUCATAN.DANCE]

I had this last month, it writes to an about.php, and the .htaccess file stays in the server's memory so you have to constantly delete the file sit rewrites, and flush the memory, it cost me two weeks of constantly fixing, lost revenue and I lost 2 clients. I eventually paid for Securri and they sorted it out. My advice is on Black Friday and Cyber Monday see what plugins you can get for cheap and start buying them if you can, nulled plugins can have malware in them, I only use them as demos so I stop wasting money on plugins that don't work

sorry man. this sucks! how much did you pay Securri ?

 

[YUCATAN.DANCE]

i'm using all theme and plugin nulled, and get attacked by malware, and fix it with imunify360
this is my latest scan malware like 21331 malware fist scan

my hosting is in hostgator, how can I use Imunify360?

 

[foster]

my hosting is in hostgator, how can I use Imunify360?

if you are on hosting you have to install it by the admin on whm if using cpanel, I see hostgator a little it looks like they don't provide it,
advice using a vps, and buying immunify360 because it automatically cleans files affected by malware
I bought 1 month IP license like 6 - 7 usd

 

[guguk]

Hey everyone, recently i've found some issues that my WP files got autometically modified and there are some some .php codes inserted.
I've scanned and fixed it with Wordfence but it got infected again. can anyone help me with that???

Please give more details:
- Site URL
- Which plugins do you use
- Which theme do you use

 

[mrmin]

Is there an effective way to prevent it?

 

[Tuton]

Is there an effective way to prevent it?

There are numerous ways to prevent it. Since day one, I've downloaded plugins and themes from Babiato without experiencing any problems. Before we approve, every resource is examined carefully and approve. Start by looking through the log files kept by your host; inexpensive shared hosting is also not a good idea. Are you certain that nothing from other websites has been downloaded?

 

[YUCATAN.DANCE]

There are numerous ways to prevent it. Since day one, I've downloaded plugins and themes from Babiato without experiencing any problems. Before we approve, every resource is examined carefully and approve. Start by looking through the log files kept by your host; inexpensive shared hosting is also not a good idea. Are you certain that nothing from other websites has been downloaded?

been using babiato resources from 2018 bro. never experienced such kind of weird problem. but it happened recently. must be some plugin causing the issue.

THERE IS ONE THING I WOULD LIKE TO SUGGEST, I'VEE SEEN RANDOM PEOPLE (NEWLY CREATED ID) SHARE RESOURCES IN COMMENTS WITHOUT ANY PROPER BACKGROUND CHECK OF THAT PLUGIN/THEMES. I THINK THAT NEEDS TO BE PROHIBITED FOR THE SAFETY OF OTHERS.

 

[YUCATAN.DANCE]

those are the examples of infected files.

 

[orbitsolutions]

Ask your hosting provider to scan the directory! Find the file and clean it! You can try by replacing the WordPress file manually! before overwriting the files, dnt forget to make a backup zip