I’d just like to ask, what to do with maliciuous (aparently) Worfence files? It looks that all are located in wp-content/wflogs directory.
I managed to delete malicious code from “rules.php” since it was at the top, before <php
but I am afraid to do anything with the rest: ips, config, attack-data.
I have same problems also on two subdomains.
I tried to reinstal Wordfence but the problem persist. Should I delete directory wflogs and again install wordfence?
Also, wordfence gave me positives on some Sucuri files too, also located in wp-content directory under sucuri. I deleted sucuri plugin and also those files, so no problem there. But just to clarify… is that possible that such plugin is hacked?
Thanks