$conf, $runtime; function_exists('chdir') AND chdir(APP_PATH); $r = 'mysql' == $conf['cache']['type'] ? website_set('runtime', $runtime) : cache_set('runtime', $runtime); } function runtime_truncate() { global $conf; 'mysql' == $conf['cache']['type'] ? website_set('runtime', '') : cache_delete('runtime'); } register_shutdown_function('runtime_save'); ?>security - Is my WP site being hacked?|Programmer puzzle solving

Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>security - Is my WP site being hacked?

    security - Is my WP site being hacked?

    matteradmin6PV0评论

    In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

    I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

    But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

    In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

    I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

    But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

    • security
    • password
    • hacked
    Share Improve this question asked Nov 17, 2018 at 11:42 arathraarathra 451 gold badge1 silver badge3 bronze badges 1
    • Yes, probably. I have seen this before and it was kind of a mess to solve. Check in you wordpress directories and you probably will find strange named php files at random locations like under the media folder and so, these files can be used to run remote commands on your server and so on. If your site is already compromised then it is too late to start using a third party plugin like WordFence. – Cyclonecode Commented Nov 17, 2018 at 13:01
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    My process for cleaning a hacked site includes

    • changing all credentials (user/pass) on hosting, FTP, WP (don't use an admin-level user called 'admin')
    • updating everything- from the repository - WP, themes, plugins. Remove old/unused plugins and themes
    • use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
    • look at the generated pages source for things that shouldn't be there.

    There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg/recovering-from-a-hacked-wordpress-site/

    It can be done, just takes a bit of work.

    continue to browse articles about articles of

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far