Problem with hackers installing plugins
-
I’m having recurring problems with hackers installing malicious plugins on my self-hosted web site. I’ve changed my account password many times, removed the ‘admin’ account long ago, and many of the other usual security measures normally advised. I’ve also used the admin panel to log all devices out of the site when changing the password.
What makes me suspicious is that I never see a login on my activity log. The series of events are always the same:
Plugin.zip – document uploaded
– plugin installed
Plugin.zip – document deletedI’m looking into MFA, but I’m concerned that the problem isn’t with logging into my site directly, but some other vector I’m not seeing that is going through admin_ajax.php. I’ve also changed my wordpress.com password and set up MFA on there just to be sure.
Any assistance on this would be appreciated.
-
-
Hi there – That this is happening is unfortunate. What we need to do now is direct you to where you can find help for this.
Hi there,
The site you’re working on is not hosted with WordPress.com. I believe you’re using open-source WordPress software (from WordPress.org) but hosting your site elsewhere.
You’ve reached the forums for WordPress.com support. This means our support tools aren’t designed to directly support your needs. We’ll need to direct you to the WordPress community support forums (at WordPress.org) where you can get more relevant help. https://wordpress.org/support/forum/how-to-and-troubleshooting/
If you’re wondering: WordPress.com and WordPress.org are two entirely separate entities. You can read more about the differences here: https://wordpress.com/support/com-vs-org/
Try the community forums at WordPress.org. We hope you find a solution soon.
- The topic ‘Problem with hackers installing plugins’ is closed to new replies.
WordPress.com Forums 