security - Is my WP site being hacked?

admin管理员组

文章数量:1130349

In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

• security
• password
• hacked

Share Improve this question asked Nov 17, 2018 at 11:42 arathraarathra 4511 gold badge11 silver badge33 bronze badges 1

• Yes, probably. I have seen this before and it was kind of a mess to solve. Check in you wordpress directories and you probably will find strange named php files at random locations like under the media folder and so, these files can be used to run remote commands on your server and so on. If your site is already compromised then it is too late to start using a third party plugin like WordFence. – Cyclonecode Commented Nov 17, 2018 at 13:01

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

My process for cleaning a hacked site includes

• changing all credentials (user/pass) on hosting, FTP, WP (don't use an admin-level user called 'admin')
• updating everything- from the repository - WP, themes, plugins. Remove old/unused plugins and themes
• use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
• look at the generated pages source for things that shouldn't be there.

There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg/recovering-from-a-hacked-wordpress-site/

It can be done, just takes a bit of work.

In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

In the past month or so I've seen 3 or 4 new users signing up each day with "awkward" usernames (letters/numbers). Then, a few days later, they start changing their password. And then a few days later they delete the account.

I suspect some kind of hack in progress so I use WordFence on the site; I made sure new users have to use a 'strong' password when they sign up (and a captcha); users can only change their password once.

But I'm wondering still if something is going on. Should I be doing more or am I paranoid?

• security
• password
• hacked

Share Improve this question asked Nov 17, 2018 at 11:42 arathraarathra 4511 gold badge11 silver badge33 bronze badges 1

• Yes, probably. I have seen this before and it was kind of a mess to solve. Check in you wordpress directories and you probably will find strange named php files at random locations like under the media folder and so, these files can be used to run remote commands on your server and so on. If your site is already compromised then it is too late to start using a third party plugin like WordFence. – Cyclonecode Commented Nov 17, 2018 at 13:01

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

My process for cleaning a hacked site includes

• changing all credentials (user/pass) on hosting, FTP, WP (don't use an admin-level user called 'admin')
• updating everything- from the repository - WP, themes, plugins. Remove old/unused plugins and themes
• use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
• look at the generated pages source for things that shouldn't be there.

There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg/recovering-from-a-hacked-wordpress-site/

It can be done, just takes a bit of work.

本文标签： securityIs my WP site being hacked