I have Wordfence installed, which detects malicious files (such as access.php or include.php) in my installation every day. I regularly access the dashboard and remove these files, but they reappear afterward.
My plugins and themes are up to date, and Wordfence settings are quite strict, but the files keep reappearing.
Is it possible to trace where the vulnerability lies in the system? How can I do this?
Thanks!