wfmark
Forum Replies Created
Hi @madhusudan123, thank you for reaching out.
Whether you were hacked because of an unknown attack method or because there is some other issue in your system is hard to say. Some plugins contain vulnerabilities that are not known (zero days).
Regarding how they gained entry, here are some possible scenarios:
- You may be using a plugin or theme with a vulnerability that is so severe that we cannot protect against it
- Your wp-config.php file is readable to the hacker, either directly via your account, via a vulnerable plugin or via another hacked site on the same server
- The hosting accounts on the server are not properly isolated on the server so the hacker has access to your database via another user’s database
- The server software has vulnerabilities that allow the hacker to get root access
- You were actually hacked many months ago, but the backdoor was not activated until now.
- You have a compromised hosting account (Change your password immediately)
- You have a compromised FTP/SSH account (Remove any accounts you don’t need and change the passwords on the ones you do)
There are a few steps you can take yourself to secure your website after a compromise:
- Scan with Wordfence and use Wordfence to delete/replace any infected files. Scan with the “High sensitivity” scan type for best results.
Please note: Before you delete any files, back them up just in case, and take note of when they were last modified. Write their filenames and timestamps down in a text file. This information can be used for tracing how they gained entry; for example, via access logs.
- Make sure there are no administrator accounts on your site that you have not added yourself. If there are, access your database via phpMyAdmin and check the wp_users table. There, you can take note of exactly when the accounts were created. Add that information to your text file mentioned above. Then, delete the rogue admin accounts, or demote them to “subscriber” while you investigate so that they can’t do any further harm.
- Change the passwords to your web hosting account, FTP/SSH, your database, and any remaining legitimate WordPress admin accounts immediately, if you haven’t already done so.
- Have a look at the WordPress configuration file wp-config.php and your theme’s functions.php file. Inspect these manually to make sure that they look okay. If you are not sure what they should look like, try to find an old backup of the files or a fresh version from WordPress/your theme author to compare them to. Also inspect the .htaccess file in the root of your site to make sure it does not contain any malicious redirects.
- Look over all your themes and plugins. Delete any themes and plugins that you are not using. Make sure all your plugins are up to date. Remove or replace any themes and plugins that are no longer being updated by their authors.
- Check the WordPress upload directory to make sure there are no files there that look out of place.
- Inspect your server’s access logs, which you can usually find in your cPanel or get from your web host. The access logs show every single request made on your site. If you look at the timestamp of infected files to detect when they were created, you may be able to match that up with particular requests in the access logs. If you can identify the first request in a cluster that appears to be involved when files on your site are edited, you may be able to figure out which request is the original culprit. Please note that there can be more than one access point once your site has been infected.
- Keep an eye on your error logs. When infected files are removed, this can sometimes cause server errors. The error log can give you additional clues as to where infected pieces of code may be residing in your system.
- You may want to talk to your web host and ask them if they can explain how your site was hacked. They have access to all server information, and are thus able to see things that you can’t see yourself. For example, it does happen occasionally on shared hosting that a site on one account will infect a site on another account.
Our free Online Learning Center’s Malware Removal section may be a good resource for you as well as our article “How to Clean a Hacked WordPress Site using Wordfence”.
Wordfence does offer site cleaning services as part of the Care and Response plans. If you’re interested, you can find more details on their products page: https://www.wordfence.com/products/
Thanks,
Mark.
Hi @joezappie,
Thank you for reaching out.
Could you please completely remove Wordfence?
First, enable the option “Delete Wordfence tables and data on deactivation.” After that, delete the Wordfence plugin.
Then download the plugin again from the WordPress plugin repository, activate it, and add the free license.
Let me know how it goes.
Regards,
Mark
Hi @baz74,
Thank you for reaching out.
If you are not receiving emails, the unlock emails come from your website and not our servers. If you aren’t getting emails, then you might want to check:
- The emails (they come from wordpress@yoursitename.com) are getting sent to your junk mail folder by your email client or provider. Make sure and whitelist or add your website to the list of safe domains so you get emails consistently.
- Your web server is having a problem with the email software on it. This isn’t like regular emails you send and receive, but rather server alert messages. Usually, a restart of Postfix or Sendmail (whichever is installed) can fix it. Your hosting provider may need to help with this.
- Your hosting provider has disabled SMTP from the server for some reason, like preventing the server from being used to spam people.
- You have a third-party plugin for sending emails with another service, like Gmail, which isn’t working. Reaching out to the plugin author for support can help.
Regards,
Mark.
Hi @jackandy,
Thanks for reaching out.
Can you please follow these instructions:
- Log in to your site via FTP/SSH or via any file browser your web host may provide.
- Locate the folder wordfence in /wp-content/plugins
- Delete the /wordfence folder
If that does not work, please check the instructions here:
https://kinsta.com/blog/installation-failed-destination-folder-already-exists/
https://rankmath.com/blog/destination-folder-already-exists/
Please confirm that this fixes the issue for you.
Thanks,
Mark.
Hi @yatgirl,
Thank you for reaching out. I am happy to help.
You can uncheck that from Wordfence > All Options > General Options > check the strength of passwords.
Regards,
Mark
Hi @incl8, Thank you for reaching out.
Can you confirm that you are not installing the keys more than 24 hours after generation?
If not, then please try deactivating and reactivating Wordfence on the Plugins area of your site as this solves the issue for some customers.
You could also check whether you can install the license when Wordfence is the only active plugin on your site. There could be a JavaScript conflict with another plugin potentially stopping the code executing the verification check.
In some cases, disabling caching plugins resolves the issue.
Let me know how it goes.
Thanks,
Mark.
Hi @seanmaskey,
As per the forum guidelines below, please open your own topic, and we would be glad to assist you:
“Unless users have the exact same version of WordPress on the same physical server hosted by the same hosts with the same plugins, theme, and configurations, then the odds are the solution for one user will not be the same for another. For this reason, we recommend people start their own topics.”
Thanks,
Mark.
Hi @ben226bjk9ftp5,
If you could do the following steps for me:
- Go to the Wordfence > Tools > Diagnostics page
- In the “Debugging Options” section check the circle “Enable debugging mode”
- Click to “Save Changes”.
- CANCEL any current scan and start a NEW scan
- Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.
This will help me see exactly what is happening when the scan fails.
Additionally, please send a diagnostic report to wftest@wordfence.com. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.
Let me know if you have any questions!
Thanks,
Mark.
Hi @eddy976,
Thank you for the feedback, and glad I could be of help.
Please do not hesitate to reach out again in case you need further assistance.
Regards,
Mark.
Hi @esamberg, I am happy to help.
Open the email containing your Free Wordfence Security license key. Click on the “Install License” link within the email if it’s within 24 hours of the time you registered for a Free license. This link will automatically install the Free Wordfence license key from the email you received to your requested website.
If installing manually, or in the event that the automatic install expires or fails, you will need to copy and paste the license key into the Wordfence Security plugin by selecting the option to “Install an existing license” from the WordPress Plugins page. Copy the key from the email, paste in your license key and read/select the checkbox for legal Terms and Conditions, if applicable, before selecting the button to “Install License”.
Please visit this page for more information:
https://www.wordfence.com/help/api-key/
Thanks,
Mark.
Hi @poojatilekar, Thank you for reaching out.
The Wordfence 2FA and reCAPTCHA features are only supported for the default WordPress/WooCommerce login and registration pages and may not work on custom versions of these pages created manually or by other plugins/themes, which explains the issue you’re having.
We have plans to expand our compatibility in the future, although we cannot commit to timelines at the moment.
Thanks,
Mark.
Hi @eddy976,
Thank you for reaching out.
It looks like the plugin may not have registered correctly. I recommend fully uninstalling Wordfence by deactivating and deleting the plugin, then reinstalling it from scratch. After reinstalling, enter your email and license key again when prompted to complete the setup. This should resolve the installation loop.
Let us know if the issue persists.
Thanks,
Mark.
Hi @ben226bjk9ftp5,
Thanks for reaching out.
Could you please share the exact error message you’re seeing when the scan fails?
Regards,
Mark
Hi @pressonforlife, thank you for reaching out.
Wordfence protects against a vast variety of attacks. Whether you were hacked because of an unknown attack method or because there is some other issue in your system is hard to say. Some plugins contain vulnerabilities that are not known (zero days) and that Wordfence hasn’t written appropriate rules or signatures for.
Regarding how they gained entry, here are some possible scenarios:
- You may be using a plugin or theme with a vulnerability that is so severe that we cannot protect against it
- Your wp-config.php file is readable to the hacker, either directly via your account, via a vulnerable plugin or via another hacked site on the same server
- The hosting accounts on the server are not properly isolated on the server so the hacker has access to your database via another user’s database
- The server software has vulnerabilities that allow the hacker to get root access
- You were actually hacked many months ago, but the backdoor was not activated until now.
- You have a compromised hosting account (Change your password immediately)
- You have a compromised FTP/SSH account (Remove any accounts you don’t need and change the passwords on the ones you do)
There are a few steps you can take yourself to secure your website after a compromise:
- Scan with Wordfence and use Wordfence to delete/replace any infected files. Scan with the “High sensitivity” scan type for best results.
Please note: Before you delete any files, back them up just in case, and take note of when they were last modified. Write their filenames and timestamps down in a text file. This information can be used for tracing how they gained entry; for example, via access logs.
- Make sure there are no administrator accounts on your site that you have not added yourself. If there are, access your database via phpMyAdmin and check the wp_users table. There, you can take note of exactly when the accounts were created. Add that information to your text file mentioned above. Then, delete the rogue admin accounts, or demote them to “subscriber” while you investigate so that they can’t do any further harm.
- Change the passwords to your web hosting account, FTP/SSH, your database, and any remaining legitimate WordPress admin accounts immediately, if you haven’t already done so.
- Have a look at the WordPress configuration file wp-config.php and your theme’s functions.php file. Inspect these manually to make sure that they look okay. If you are not sure what they should look like, try to find an old backup of the files or a fresh version from WordPress/your theme author to compare them to. Also inspect the .htaccess file in the root of your site to make sure it does not contain any malicious redirects.
- Look over all your themes and plugins. Delete any themes and plugins that you are not using. Make sure all your plugins are up to date. Remove or replace any themes and plugins that are no longer being updated by their authors.
- Check the WordPress upload directory to make sure there are no files there that look out of place.
- Inspect your server’s access logs, which you can usually find in your cPanel or get from your web host. The access logs show every single request made on your site. If you look at the timestamp of infected files to detect when they were created, you may be able to match that up with particular requests in the access logs. If you can identify the first request in a cluster that appears to be involved when files on your site are edited, you may be able to figure out which request is the original culprit. Please note that there can be more than one access point once your site has been infected.
- Keep an eye on your error logs. When infected files are removed, this can sometimes cause server errors. The error log can give you additional clues as to where infected pieces of code may be residing in your system.
- You may want to talk to your web host and ask them if they can explain how your site was hacked. They have access to all server information, and are thus able to see things that you can’t see yourself. For example, it does happen occasionally on shared hosting that a site on one account will infect a site on another account.
Our free Online Learning Center’s Malware Removal section may be a good resource for you as well as our article “How to Clean a Hacked WordPress Site using Wordfence”.
We do offer site cleanings in the Wordfence Care and Wordfence Response licenses. They involve a trained Security Analyst manually going through the files on your server to make sure it’s completely free of malware. You can upgrade to one of those licenses at any time on the licenses page in your account on Wordfence.com. You can read more about them on the products page of our site here:
https://www.wordfence.com/products/
Regards,
Mark.
Hi @jamessf,
Thanks for getting back to me.
Could you please try getting your free Wordfence license directly from this link instead?
https://www.wordfence.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_cGFnZT1Xb3JkZmVuY2VJbnN0YWxs
Let me know if this does now work.
Thanks!
Mark.
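The access-log step in the two cleanup replies above (matching the recorded modification time of an infected file against requests in the access log) can be scripted as follows. This is an added example, not part of the original replies and not Wordfence code; the log lines, IP addresses, paths, the "combined" log format and the 120-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data: access-log lines in Apache/nginx "combined" format
# (documentation IP ranges, hypothetical paths), plus the filename/mtime notes
# the reply says to write down before deleting anything.
ACCESS_LOG = """\
198.51.100.7 - - [12/Mar/2024:03:14:02 +0100] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:03:41:55 +0100] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 31 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:03:42:01 +0100] "GET /wp-content/uploads/2024/03/cache.php HTTP/1.1" 200 12 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:09:00:10 +0100] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""
# Record mtimes with an explicit UTC offset; the log above uses +0100.
INFECTED = {"wp-content/uploads/2024/03/cache.php": "2024-03-12T02:41:56+00:00"}

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(log_text):
    """Yield (utc_time, ip, method, path, status) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the review
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        yield when, ip, method, path, int(status)

def requests_near(log_text, mtime_iso, before=120, after=10):
    """Requests within [mtime - before, mtime + after] seconds, oldest first."""
    mtime = datetime.fromisoformat(mtime_iso).astimezone(timezone.utc)
    lo, hi = mtime - timedelta(seconds=before), mtime + timedelta(seconds=after)
    return sorted(r for r in parse(log_text) if lo <= r[0] <= hi)

def first_suspect(log_text, mtime_iso):
    """Earliest request in the window from the IP that made the latest
    successful POST/PUT in that window, or None if there was no such write."""
    hits = requests_near(log_text, mtime_iso)
    writers = [r for r in hits if r[2] in ("POST", "PUT") and r[4] < 400]
    if not writers:
        return None
    return next(r for r in hits if r[1] == writers[-1][1])

if __name__ == "__main__":
    for name, mtime in INFECTED.items():
        print(name, "->", first_suspect(ACCESS_LOG, mtime))
```

Both timestamps are normalised to UTC before comparison, since file modification times and log timestamps are often recorded in different time zones. As the replies note, there can be more than one access point, so a single hit is a lead to follow, not a conclusion.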