Hi all.
First time poster.
I update a website for a small sports club on a volunteer basis.
The person we got the domain and hosting from has emailed us as Wordfence has triggered some security issues.
They advised they will suspend our website if we don’t resolve these issues asap.
I have no idea where to start with this so Looking for advice.
The alerts are;
* File appears to be malicious or unsafe: admin-ajax.php
* File appears to be malicious or unsafe: admin.php
* File appears to be malicious or unsafe: cgi-bin/index.php
* File appears to be malicious or unsafe: index.php
* File appears to be malicious or unsafe: themes.php
* File appears to be malicious or unsafe: wp-admin/qacdevrv.php
* File appears to be malicious or unsafe: wp-includes/blocks/blocks-json.php
* File appears to be malicious or unsafe: wp-includes/class-wp-application-passwords.php
* File appears to be malicious or unsafe: wp-includes/class-wp-embed.php
* File appears to be malicious or unsafe: wp-includes/comment-template.php
* File appears to be malicious or unsafe: wp-includes/load.php
High Severity Problems:
* Unknown file in WordPress core: wp-admin/qacdevrv.php
* Unknown file in WordPress core: wp-includes/blocks/navigation/.0f859bb6.oti
* WordPress core file modified: index.php
* WordPress core file modified: wp-includes/blocks/blocks-json.php
* WordPress core file modified: wp-includes/class-wp-application-passwords.php
* WordPress core file modified: wp-includes/class-wp-embed.php
* WordPress core file modified: wp-includes/comment-template.php
* WordPress core file modified: wp-includes/load.php
* An admin user with the username deleted-R3PxdUVA was created outside of WordPress.
* An admin user with the username wp_update-1696416185 was created outside of WordPress.
[ad_2]