Jili999 review.Enjoy Free 888+200 Daily Legal Bonus

RVH
(@rvh)

3 months, 1 week ago

Wordfence has been a lifesaver for me. It recently tracked a new user being created outside wordpress. WF shows that I have a clean install and no issues. Here is a screenshot of what this “user” did. https://bobhatcherweather.com/wp-content/uploads/wp-update-activity.jpg

Any ideas as to how this user is being created? Can WF help me diagnose where it’s coming from?

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter RVH
(@rvh)

3 months, 1 week ago

Someone asked if my log files were any help, the answer is yes, the told me exactly what the intruder did and I was able to fix it all. My question, though, is, if anyone knows of any method, hacked plugin or theme, or something else that would allow an admin user to be created outside of WP?

Physically, unless someone had access to my database login info, how can a user be created from outside WP?
Plugin Support wfpeter
(@wfpeter)

3 months, 1 week ago
Hi @rvh, thanks for the detailed description and sorry to see you’ve had trouble with this.

I wouldn’t rule out any potential access point so unfortunately whenever a site appears to have been compromized they all could be a factor. As a rule, any time I think someone’s site has been affected I tell them to update their passwords for their hosting control panel, FTP,? WordPress admin users, and database. Make sure to do this.

You can see rogue users (and often comments) potentially trying to come through XML-RPC instead of your login page, which can be disabled. “Disable XML-RPC authentication” appears in Wordfence > Login Security > Settings. You can also block this route entirely using .htaccess, provided you don’t use the WordPress app or a plugin that requires it such as Jetpack:
```
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
```
I will provide our site cleaning instructions for you below in case anything there hasn’t been already checked or can assist you in digging a little deeper:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful. We provide a site cleaning service should you need further assistance, as do other companies out there.

Many thanks,
Peter.
Thread Starter RVH
(@rvh)

3 months, 1 week ago

Thanks, I’ve updated all passwords but forgot about the database. I think I will update that too. I’ll also spend some time with the links you posted.

Is it possible to get to the database other than through the hosting company’s website? Can it be accessed by logging onto my website?

Bob

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.