My blog was hacked? WP posting random posts

admin管理员组

文章数量:1123888

I have been searching at this site posts about blogs being hacker, but I haven't find something like this.

One of our Editor's account has started to publish random posts. Our first thought was his password being stolen, so we changed it and we told him not to log in for a certain time. Random posts appeared again at the next day.

We tried yesterday to change his role to Subscriber, so he doesn't have permission to post. Random posts have appeared again this morning.

Have any of you been in a similar situation? Any solution to this? Thanks.

I have been searching at this site posts about blogs being hacker, but I haven't find something like this.

One of our Editor's account has started to publish random posts. Our first thought was his password being stolen, so we changed it and we told him not to log in for a certain time. Random posts appeared again at the next day.

We tried yesterday to change his role to Subscriber, so he doesn't have permission to post. Random posts have appeared again this morning.

Have any of you been in a similar situation? Any solution to this? Thanks.

• hacked

Share Improve this question asked Feb 3, 2019 at 11:13 xecollonsxecollons 11911 silver badge33 bronze badges

Add a comment  | 

3 Answers 3

Sorted by: Reset to default 2

Install the wordfence plugin and run a scan. I have used it in the past as a quick method for finding rogue files in a wordpress install. It is a good program, just make sure you have secure passwords. Install it, run a full scan and you may want to pay for the upgraded version. It's a great security plugin. Follow all the findings and do what the program tells you to do.

After that, manually upgrade wordpress by overwriting all of the core files (everything except wp-content/. Btw, that folder (especially your theme's folder) is the most likely place you will have malware.

There are many things you need to do to fix a hacked site. Lots of googles on how to do it. Important things to do:

• change passwords on everything - WP accounts, FTP accounts, hosting accounts. Strong passwords, of course.
• remove the user called 'admin' (or just give it Subscriber level, after making a new admin user
• update everything - WP, plugins, themes. Reinstall current version of WP (from Update page).
• manually inspect all files in all folders for stuff that isn't supposed to be there. Sorting by date often helps, as an unauthorized file will stand out a bit with a different date from other files (epsecially if you updated everything).
• check for any hidden files

Again, lots of googles on how to do this. Takes some time, though. I've done it enough times for others that I developed my own process: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/ . And, other resources with similar help here and the googles. My process works for me, so I documented it so I wouldn't forget a step the next time.

it's not usual at all maybe your site is under attack,

Increase the security ASAP, first of all, check your activated theme functions.php file. Maybe you can find some miscellaneous code there if you find then delete it. Maybe you were using any nulled theme or plugin.

Now check you're all files and folders permission,

• All files should be owned by the actual user's account, not the user account used for the httpd process.
• Group ownership is irrelevant unless there are specific group requirements for the web-server process permissions checking. This is not usually the case.
• All directories should be 755 or 750.
• All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.
• No directories should ever be given 777, even upload directories. Since the PHP process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.

Also, protect your wp-content folder.

You can also install https://wordpress.org/plugins/sucuri-scanner/ for WordPress free security plugin and try to scan your complete.

I'm not sure but maybe there can be some scheduled post :D, check your Cron jobs or disable them and then check again.

本文标签： My blog was hacked WP posting random posts