Replies: 0
Hello! I found a second wp-config file installed on my domain and did not receive any notification of this event that replaced the DB parameters. It was only this evening, when trying to login, that I realized the site was down. A malicious wp-config file was the last thing I would be expecting, especially with Wordfence installed and configured. I also found the offending “user” and have no idea how they logged in. I am the only user and the login info is not generic. It didn’t re-direct site visitors elsewhere; instead the page displayed WP logo with country drop-downs. My hosting provider mentioned something about a database connection error and that’s when we found a second wp-config file. I have screenshots if it would be helpful. When trying to bring the site back up I experienced a conflict and had to deactivate my theme and all plugins, including Wordfence. I would like to know how this activity happened and what I could do to protect in the future. This conflict is still present and it appears that I have some major work ahead of me. Not happy 🙁 Thank you for your help!