Possible Them Vunerability

bloohair · April 29, 2018, 8:46pm

Hi,
I am looking after my sister’s website at https://lynnbailey.co.uk
She has twice had a virus on the site that injects code into the Custom CSS area of the theme. I have put Wordfence on the site, but it got attacked again with Wordfence active and up to date. The virus is called Cutwin. Do you know anything about it?
We have rectified the problem by rolling back to a date prior to the hack, but would appreciate it if you had some guidance on how to prevent this from happening.

The Theme is version 2.3.5

Thank you

mikesupport17 · April 29, 2018, 10:44pm

Hi there,

The virus probably placed something in the database to boot itself back into the site even after a cleaning scan.
You will need to find that in the database similar to the guide here for cleaning a similar virus - https://wpfixit.com/traffictrade-wordpress-infection/

Also this is a general guide you can use - https://sucuri.net/guides/how-to-clean-hacked-wordpress
Sorry for the inconvenience.