Security Question

Hi, so I have two websites running pre- on ICDsoft hosting. Both have been flagged for malicious activity. It just seems strange that both these sites had this happen- I am wondering if this is a cause of the security issue? Here is the email I received for one:

Here are web server log entries that show malicious activity: - - [14/Feb/2024:10:18:04 -0500] “POST /ahoqmcro.php HTTP/1.0” 200 4920 “” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 Edg/115.0.1901.183” 0 0 “on:TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256” 12278 281046 proxy:unix:/home/ballengee/.config/php-fpm/.sockets/php-fpm-uPFjLRzgMafPNB9ASnRbArtET.sock|fcgi://worker -

We strongly recommend that you follow these steps in order to secure and upgrade WordPress:

  • Save the wp-config.php file, your images, and your personal files one by one (not the folder as it may contain unwanted files).
  • Make sure that there is no malicious code in the saved wp-config.php file.
  • Wipe out the entire folder where WordPress is installed.
  • Upload a new clean full package of the latest WordPress version.
  • Re-upload your wp-config.php file and images.
  • Re-install the latest versions of your plugins and themes.
  • Change the passwords for all WordPress admin users. Please use passwords that are hard to guess.
  • Change the hosting Control Panel password and all MySQL passwords.

So far I can get in the back end with the password they sent, it looks fine, so I have exported out templates to rebuild.

Seems like a lot of work to do, I wonder if I can just update Bricks and I’m good to go?

Any thoughts greatly appreciated!

thanks! I’ll have a look.