[defender pro] defender blocking all access <currently disabled and uninstalled>

I connected with a technician a few days ago about this problem.

I have since done the following:
1. Uninstalled the plugin
2. Emptied the tables in MySQL of the logs and IP blocks - I have copies of these on my local computer
3. I have reinstalled the core files of WordPress manually (latest version) except for wp-contents

Defender has been compromised and I am not sure how...

Can you please advise how to clean the files? I suspect the wp-contents folder has been compromised, but I am unable to find any files that are different to the originals. I can also see that my whitelisted IP address has also been blocked, specifically because it was listed as a whitelist.

Currently I have installed Wordfence as a backup.

Urgently need help with this.

    • aisha

      Hi David.

      After restoring manually - I suspect that the wp-contents folder was compromised by an errant plugin (?). The only thing I didn't do prior to the ticket submission is a folder comparison of wp-contents between the compromised one and an original older version. I've removed all the plugins not necessary.

      I removed the .htaccess and checked those - saw nothing suspicious.

      The db tables of defender showed lockout times of 1525406003 seconds for entries that had attempted only 1 time.

      I've sent info to Adam to explore further.

      The server is the client's and I was only responsible for the web dev.

  • Adam Czajczyk

    Hello aisha

    I hope you're well today and thank you for reaching out to us!

    I found and checked your chats about the issue but I'd like to make sure first that we're on the same side with this so let me try to summarize the case shortly:

    1. There was Defender on the site and it found some files that didn't belong to WP core
    2. That suggested that the site was compromised so the files were removed
    3. Defender blocked all access to the site
    4. Defender was removed
    5. Defender-related db tables were cleaned up and WP core files were re-uploaded on the server
    6. Reinstalling Defender is still causing lockouts so for now it's removed

    7. The point is to: check the site to make sure that there are no malicious files, install Defender to make it protect the site again and make sure that it's not locking you out.

    Would that be correct? If yes, I'll be happy to help you with it but I'll need direct access to the site. I know you have shared cPanel access through the chat but I'd also need some additional information so please follow the guide below.

    Note: Don't leave your login details in this ticket.
    Instead, you can send us your details using our contact form https://premium.wpmudev.org/contact/#i-have-a-different-question and the template below:

    Subject: "Attn: Adam Czajczyk"

    - Site login URL
    - WordPress admin username (this is important, support access will not suffice here)
    - WordPress admin password

    - cPanel credentials (host/username/password)
    - Folder path to site in question

    - download link to the backup of the tables that you mentioned here in your post (you can put them all as .zip file e.g. on your Google Drive or Dropbox account, just share a link to it with me)

    - if you do have some backup from right before this all happened (such that could be safely restored in case anything went wrong on the way), a download link to it as well (you can also put it on GDrive or Dropbox or similar cloud)

    - your current IP could also be of use

    - Link back to this thread for reference
    - Any other relevant urls/info

    Please note: once you send the message, let's stick to this particular ticket for further troubleshooting; we will communicate here and over e-mail, there's no need to start separate tickets and/or use live chat.

    Best regards,
    Adam
