It was a login error in WordPress. The easiest way to thwart it was to have IP restrictions (i.e., htaccess) on the wp-admin folder.
This person would have never been infected had he done that.
If anybody wants to know more, start a new post, and I'll be glad to help.
|This was an unanswered question or unresolved issue found during a site audit. It's hard to have an FAQ when the answers are missing, or final outcomes are unknown. At The Digital FAQ support forum, questions are never intentionally ignored, and may have been missed due to a forum glitch or human error. More details on the audit. (In some cases, threads have been edited/updated with newer information.)|