WordPress site/account got hacked

• 

  gocatchtaxiapps · Member · Feb 22, 2022 at 8:42 am

  • Copy link
  • Add topic to favorites

  Hi there, when I logged in through the WordPress dashboard, I saw over 1000 random posts, definitely not from our team. It looks like we have been hacked.

  I did not experience this kind of thing before and I am a bit lost on how to fix it.

  Your advice will be of much help here!

  Our team is deleting the random posts and the password has been changed for the affected user but we are unsure what to do next.

  Moreover, based on this kind of hack mentioned above for the random posts, how is it possible for someone to access our account and posts spam? This will help to better understand to strengthen the security.

  I thank you in advance for your help!

• 

  staartmees · Member · Feb 22, 2022 at 9:42 am

  • Copy link

  First things first: what is the URL of the site you are talking about?

• 

  kokkieh · Staff · Feb 22, 2022 at 1:27 pm

  • Copy link

  Hi there,

  If all the posts were from the same user, it most likely means that specific user’s account was compromised, rather than that your site itself has been hacked. In other words, either that user was careless with their login details, or they have the Post by Email feature active and was careless with their secret email address.

  It’s also possible, though less likely, that someone gained access to the database and added the posts there directly. Your hosting provider’s logs should show if there was any unauthorised access there.

  I assume you’re speaking of one of the two Jetpack-connected sites under your account. Those sites aren’t hosted on our servers, so we have no control over who have access to those sites, and our ability to help here is limited to giving some general advice.

  You can take a look at the documentation over on WordPress.org about improving security on a WordPress site:

  https://wordpress.org/support/article/hardening-wordpress/

  One immediate measure that comes to mind is to add a two-factor authentication plugin to your site, and force all users to enable that – most good 2FA plugins will have an option built in to force people to enable it. This will add another level of security to all user accounts on the site.

  It’s not foolproof, though – there’s not yet a security measure that can protect against a human being careless with the account creds, unfortunately :)

  Also review your hosting account, specifically who has direct access to the database and FTP credentials, and if possible enable 2FA on the hosting account as well.

  For more advice on this, you can ask the WordPress.org community who makes the version of WordPress you’re using, in their forums at https://wordpress.org/support/forums/

• 

  gocatchtaxiapps · Member · Feb 24, 2022 at 5:29 am

  • Copy link

  Hi guys, thank you very much for your responses!