I just made my portofolio site using WordPress and the Elementor. I wasn't too sure about how to create my site, so I mainly just followed Youtube Tutorials and plugins they recommended (Elementor, Elemnetor Header & Footer Buolder, Enable Media Replace). I was getting some insecurity due to plugins not being updated as alerts, but I mainly ignored it because I just thought it was like some system/program updates where it would recommend newer versions, but that because it was just my portfolio site it would be unlikely that anyone would hack it (I figured what would be the point of it).
Learned a bit the hard way that I guess some people just do it anyway, I still don't know why I guess it happens. Nothing ever happened on my stationary computer since I'm guessing I have all kinds of script blocks and what-not, but when I was looking at my site on mobile I found these weird pop-ups popping up sometimes. Like oddly enough it just happened one time, and the next time it wouldn't come up, so it was very difficult to replicate the virus. Eventually I started googling, I found a Reddit Post about someone with similar problems. The replies there were that sometimes plug-ins would be vulnerable, so eventually I just removed any plug-in I wasn't using and just kept Elementor. The problem persisted, so eventually I also got "WordFence" that I saw someone recommended. After a scan in Wordfence, I didn't get any indication that there was any malware, so I just assumed the issue was solved.
Unfortunately it seemed like the issue wasn't solved, and I was getting e-Mails from wordfence that my site was getting accessed from things all over the world. I'm not even sure what all this means, does this mean someone uploaded CSS on my site? I've now changed my password, done a new scan that again returns nothing. So apart from WordFence, is there anyway to just scan my site to see if there's anything left from this malware? I've gone through all pages and removed anything that I'm not familiar with, as well as the plug-ins.
It's a portfolio site that I send out to employers as part of my application process, so it's just an awful look if they're getting a malware site. I've heard from some people to "just use ArtStation", which I'd maybe considering, but it's also just fun to have my own site in a way as well.
