Hardening access | WordPress.org

Howdy. We have Wordfence Premium installed on this site but despite its presence we are being continually hacked. We have run many scans over the past 72 hours, each one returning a ‘clean’ status. This morning, hackers again gained access to the site and were able to change our index.php file and the wp-content/index.php. They also renamed the php.ini file in the WordPress installation to php.ini1 bypassing the security. The only options I can see is that the hackers are gaining access at server level. Is there anything I can do to protect the entire public_html folder? Can I include the auto prepend line that activates WF in the php.ini file that sits in the Home directory?

The page I need help with: [log in to see the link]


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer