I have a quite strange problem with a WordPress site. I manage a few WordPress sites but I never experienced this problem. A plugin gets automatically installed after few days. In addition it is a maintenance plugin, called Maintenance from Webfactoryltd. But every time I delete or just deactivate this plugin, it gets reactivated / installed again and switches to maintenance mode.
This is a premium site buyed on themeforest (flatsome), but I don’t think it has something to do with the premium template.
I tried following things:
- Delete / Deactivate the plugin
- Deactivate all plugins and reactivate only needed ones (Woocommerce)
- Deactivate all caching plugins (Redis, WP Optimize)
- Deactivate the automatic updater in config.php
- Deactivate all automatic updates on the plugins itself
- Installed Crontrol (plugin) to maybe get a cronjob which is responsible for that
Nothing worked. Has someone an idea what I can try now? Thanks in advance!
2
Answers
My site was compromised. Thanks to the link of Justinas I could take further steps to deal with this issue.
I could pinpoint the problem to a user (client) which I think run some scripts from it. The Wordfence Plugin helped with that a lot. I restricted the user and reset the password.
I also used Wordpress FAQ - My Site was hacked for orientation in this case.
Especially thanks to @Justinas for the report.
You can set limit file permission for .htaccess, wp-config.php for 444. Also, set recommended folder permissions.
You can install Wordfence & scan to see results where the file is affected & fixed it.
You can run also, virus scanner from the Cpanel account.