Sucuri and MalCare Don’t Address the Source of Hacked Websites, Leading to Results Like This

Earlier in the week, we mentioned that many hack cleanup providers don’t do the essential work of trying to figure out how websites were hacked. If you hire one of them, you might get lucky and that won’t matter, because the hacker hit the website once and moved on. With more persistent hackers, that isn’t going to work out. Here is a fresh example of that involving two of those providers, Sucuri and MalCare:

A WordPress site I work for hosted on WPEngine has suffered from a malware attack. The attack was noticed when a consent management pop-up started appearing on the home page. WPEngine’s security team from Sucuri hasn’t been much help as they’ve scanned and “removed” the problem 5 times now. I’ve also used a premium service from MalCare which did basically what Sucuri did, scanned, said “it’s fixed” and then it came back.

That person tried a lot of things to deal with this:

I have enabled a number of security features including disabling enumeration, 2FA, custom wp login url, automatic password lockout after 2 tries, changing file permissions on certain files, enabled automatic alerts on file changing or file addition, deleted non-essential users, changed passwords to all current users multiple times…

What they really need is to bring in someone who will work out how the hacking is continuing, address that, and try to figure out how it started.

If you need someone who will actually do that work, we do that for WordPress websites and other types of websites.