Hi @mahroch,
Thanks for sending your diagnostic over. Your database is missing all Wordfence tables, so they may have been removed during the cleaning process or as a result of the original malware you mentioned.
If you have a backup from before the incident, you may be able to restore them, otherwise I would recommend deactivating Wordfence within WordPress and reactivating it – this should recreate all required tables. Failing this, you may need to reinstall the plugin altogether. Our database tables to look out for are listed on the following page: https://www.wordfence.com/help/advanced/remove-or-reset/
We have the following guide if you need to check any steps that may have been missed during the site clean: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
As a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this if you haven’t already.
Thanks,
Peter.
Hi Peter,
i tried to do everything you wrote and what I could find at the pages you recommend. Still, the same result.
I deactivated and then removed wordfence plugin, I manually removed everything that should be removed (), checked if all the tables are deleted from DB. Installed back, activated – and still :[FEB 28 22:09:26] Scan terminated with error: Unable to query database . I checked – the tables are in the DB, so that is not the case this time.
Any idea what to do next?
Hi @mahroch,
Would it be possible to send an updated diagnostic report now that you’ve made some changes to see if I can see the differences for myself and look into another possible cause? If you put your forum username in when prompted, let me know when you’ve sent it so I can take a look.
Thanks again,
Peter.
Hi, thank you for help. I sent the diagnostics again, I set the username as “mahroch”, as my login here.
