DDoS and malware attack

We have implemented defender in our most of the sites, but still got malware attack and got all JS files infected. My all sites got started redirecting to affiliate and porn sites.

My query is that does Defender not cover XSS and DDoS attack on websites? Because when we took support from sucuri - we realised that even Defender folder got affected with this attack and had no clue how to fix it.

Kindly advise what we need to do to avoid such malware attacks and getting our site affected.


  • Predrag Dubajic

    Hi Shailendra,

    DDoS attacks are brute force attacks and they are usually pointed at your login page, it's mostly server related and in most cases your host should have a security measure to protect from these attacks.
    These attacks are trying to overwhelm your server and by the time it reaches WordPress and Defender the connection is already there so it's hard fighting that from WordPress side and server side protection is most reliable protection for these attacks.

    XSS vulnerability is something that's related to plugins and theme you use, if the plugin/theme code isn't sanitizing the input properly that will lead to XSS vulnerability and if you keep getting these attacks you should check your plugins and theme, make sure that all of them up to date and if the attack still happens you should check with your plugin developers if any of the coding has this vulnerability.

    Best regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.