[ad_1]
After seeing that my site was full of malware, I decided to install Wordfence (lite) with pretty conservative settings but I keep seeing weird index.php files popping up in the site.
Things like:
`<?php`
`/*fcc4c*/`
`u/include (“/path/to/some/file/.951ed7b2.mo”);`
`/*fcc4c*/`
I’ve just changed the account/ftp password.
The first WordFence scan did detect a few files, but not all of them. What else is there to do to protect the site against such attacks?
Disable all plugins is a start then work on where it is coming from then remove them and re enable plugin one a time to double check. Maybe you should add cloudlfare to protect your site too
Put the site behind CloudFlare and set up a firewall rule to block access to those file paths.