Cannot delete ‘phantom’ posts

So we’re getting a bunch of posts appearing without any content

do you recognize the author (s) of these posts?

Just to be safe, check your database. From phpmyadmin, select all the tables and, with the button at the bottom that says “with selected” choose “check and repair”.

Hi Tara, yeah there appears to be no difference in author. i.e there’s only one author.

Steve, just tried this, but has no effect on deleting the posts. Any ideas?

Have you checked to see if you’ve been hacked?

How would we go about that?

In fact, we get quite a few emails from the Wordfence plugin for that domain about blocked login attempts…

scan with Wordfence, check your site on sitecheck.sucuri.net

sitecheck.sucuri.net did not indicate hacking of the site.

However, as @sterndata, please also scan with Wordfence.

Hm odd, Wordfence wasn’t even installed when I checked. (We have recently transferred this domain to a new server so may be why?) Although were still receiving Wordfence blocked login emails :s

I’ve reinstalled it and its scan showed everything secure apart from the DNS change we made.

sitecheck.sucuri.net also showed no problems.

Any ideas? ??

If you compare the times these posts are created against your access logs, can you see who’s creating them and their IP address?

We’ve just been trying to do this with our hosts’ help, can’t see any obvious appearance of where they’re being created using the access log, although we’re not entirely sure we understood the log completely!

I think I may have figured something else out though that may be of use; they all contain tags that the user would have added. Selecting one relatively obscure tag that I believe would have only been entered for one post, does indeed filter to only one of the problematic posts.

What’s more, these posts all have the date of publishing as either 2012 or 2013. The earliest, and unaffected post, after this is from 2014.

So is it likely this isn’t to do with a hacking?

maybe ??

At this point, though, the way to delete those posts may be to either write a script or do it with SQL queries.

Ominous! ??

I see, so it has to be a query run through phpmysql? Can we select a delete the posts from here?

You can delete posts (and the associated postmeta records) from phpmyadmin. You’ll need to see how they relate:

https://codex.www.ads-software.com/Database_Description

Hm in fact, looking at the posts on Phpmyadmin, I see many pages of these posts supposedly created in 2012. Really not sure now…getting more and more confused/concerned!

How the Post and the Postmeta relate to eachother?

Looking on the table now, some posts are listed as Post Type: Post, so I guess those are instances of posts? As opposed to those listed as Attachment for instance?

I’ve also noticed there’s two different Post_Author types, 1 and 0.