Unauthorized Blog Posts
-
I have a few websites hosted on a shared plan with a top host. They are all running the latest WordPress installation and all the plugins are updated. I’ve even uninstalled all plugins that are more than a few months old. Some of these sites have a few plugins on them, a few others only Akismet, Jetpack, and Wordfence.
Lately, I have been receiving a large number of blog posts that are terribly written and have links to sites that don’t exist. I’ve tried other security software, tried a lot of online solutions with high ratings, etc. I’ve even banned all IP addresses except for mine and also updated all the passwords to highly encrypted versions. The posts continue.
Does anyone have any idea how these posts are being scheduled? It’s taking all my time watching and deleting these and it’s taking away from my work and family time and has just become a very big headache.
-
Can you post a link to one of the posts?
Also, who is the host just out of curiosity (I ask because some hosts will provide hacked site cleanup)?
Do the posts happen on all sites?
What user do the posts show up under?
-
I will be able to as soon as they reschedule since I’ve already deleted this batch permanently. They don’t seem to be on any specific schedule and almost feel manually done aside from sometimes hundreds are published at a time.
The host is Siteground. They have helped make sure the server is secure and their scans haven’t detected any malware. They believe it’s a plugin but since it’s not managed hosting, they just pointed me towards Sucuri. They will be a last resort, but I’m not ready to drop a few hundred just yet.
The posts do show up on all my sites but the articles are different between them all. They are always poorly spun articles about sports and usually point to sites that don’t exist.
The weird part is, they don’t have a user associated with them. When I post, they show up showing me as the author, but these scheduled ones, the user is blank.
-
-
The only common plugins would be Jetpack and Akismet.
Is it possible that one insecure plugin could allow access to my other installs?
-
Definitely possible, what hosting level do you use with Siteground?
Also, are you familiar with cpanel at all?
-
I’m on the GoGeek plan, it’s their highest plan before going to managed hosting which I’m not ready for yet.
I’m familiar enough to get around and find what I need as well as basic database knowledge.
Speaking of, I also check the databases for users. I’ve heard sometimes hackers can hide a user from the admin dashboard but I’m the only user in the database as well.
-
Hello folks, Just to clarify, this support forum assists users of WordPressdotcom hosted sites and the guidance provided here may not be relevant to DIY WordPress.org sites hosted with an external hosting provider (e.g. Bluehost, GoDaddy etc.). If you need help with a site using the open source WP (org) software, you’ll want to head over to https://wordpress.org/support where they likely have more experience with the type of issue you are having. You should also be able to contact Siteground’s support for this.
For more information on the differences: https://en.support.wordpress.com/com-vs-org/
Best wishes for a quick solution.
-
Thank you. I’ll check that out too. Usually, I can solve these myself but this one has got me.
-
I am on that same plan with SG, what security plugins do you use?
Look through all the log files you see in cpanel, you might see something that looks out of place or has high bandwidth or CPU usage.
Also, in WP Settings >> General >> Membership >> do the sites in question have the checkbox for “anyone can register”?
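As an added example (not part of any poster's reply and not Siteground's or WordPress's own tooling), the log review suggested above can be narrowed with a fact the thread already established: every IP except the owner's is supposed to be blocked, so any write request from another address that the server accepted deserves a look. The sketch assumes the raw access log uses the Apache combined format; the IP addresses, paths and log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: raw access logs are in Apache "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def triage(lines, owner_ip):
    """Group accepted write requests from non-owner IPs by (ip, path)."""
    hits = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1              # keep a count so truncated lines are not silently lost
            continue
        if m["method"] not in WRITE_METHODS or m["ip"] == owner_ip:
            continue                   # reads, and the owner's own edits, are not of interest
        if int(m["status"]) >= 400:
            continue                   # rejected, i.e. the IP block did its job
        rec = hits[(m["ip"], m["path"].split("?", 1)[0])]
        rec["count"] += 1
        rec["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    ranked = sorted(hits.items(), key=lambda kv: kv[1]["count"], reverse=True)
    return ranked, unparsed

# Constructed sample data (documentation IP ranges, made-up paths and timestamps).
OWNER_IP = "203.0.113.10"
SAMPLE = [
    '203.0.113.10 - - [12/Mar/2019:09:01:02 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2019:09:05:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2019:09:05:11 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2019:09:06:00 +0000] "POST /constructed/endpoint.php?x=1 HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.44 - - [12/Mar/2019:09:06:01 +0000] "POST /constructed/endpoint.php?x=2 HTTP/1.1" 200 290 "-" "-"',
    'truncated or garbage line',
]

if __name__ == "__main__":
    ranked, unparsed = triage(SAMPLE, OWNER_IP)
    for (ip, path), rec in ranked:
        print(f"{ip} {path} x{rec['count']} {rec['bytes']}B {rec['first']} .. {rec['last']}")
    print(f"unparsed lines: {unparsed}")
```

Run it per site against the window in which a batch of posts appeared. An empty result for that window suggests the posts did not arrive as web requests to that site's own log, which is worth comparing against the other installs on the same account.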
-
For security, I’m using Wordfence on all of them. I just added Sucuri to my main site as well to test it out and see if it does anything different.
I also have Akismet running on all of them as well.
So far, I haven’t noticed anything out of the ordinary but I recently did find a file I’ve never noticed on my FTP labeled: core.26293 but couldn’t find any reference online about it.
I’m not sure if it arrived from a plugin, or the hack, but it was only on one of the sites in question.
Membership is not open to anyone.
-
Adam, I sent a message via your site contact form; I wasn’t paying attention when I replied to the thread originally to realize we were in the .com forums.
-
-
Hello again @thegroovylab, when posting to our community forums, all community members are subject to our Best Practices and Community Standards. These forums cannot be used to solicit/offer off-forum assistance. Since you already started answering @adammiconi here in the forums, feel free to continue, but better to refer the user to the correct support forums.
You may also wish to review our guide to volunteering in the forums if you haven’t seen it yet: https://en.support.wordpress.com/wordpress-com-volunteers/ Thanks
@adammiconi – I also again suggest that you contact your hosting provider, if you haven’t already done so, and/or the WordPress.org community.
-
“These forums cannot be used to solicit/offer off-forum assistance.”
I don’t see a reference to that in either of the links you provided.
- The topic ‘Unauthorized Blog Posts’ is closed to new replies.