security - Is my WP site being hacked?

admin2025-06-06 9

In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

Share Improve this question asked Nov 17, 2018 at 11:42 arathra 451 gold badge1 silver badge3 bronze badges

Yes, probably. I have seen this before and it was kind of a mess to solve. Check in you wordpress directories and you probably will find strange named php files at random locations like under the media folder and so, these files can be used to run remote commands on your server and so on. If your site is already compromised then it is too late to start using a third party plugin like WordFence. – Cyclonecode Commented Nov 17, 2018 at 13:01

Add a comment |

1 Answer 1

Sorted by: Reset to default 0

My process for cleaning a hacked site includes

changing all credentials (user/pass) on hosting, FTP, WP (don't use an admin-level user called 'admin')
updating everything- from the repository - WP, themes, plugins. Remove old/unused plugins and themes
use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
look at the generated pages source for things that shouldn't be there.

There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg/recovering-from-a-hacked-wordpress-site/

It can be done, just takes a bit of work.

转载请注明原文地址:http://conceptsofalgorithm.com/Algorithm/1749172462a316971.html

securityIs my WP site being hacked

最新回复(0)