Entire WordPress site files deleted

  • Resolved cannon303

    (@cannon303)


    12 months ago

    Hi I’m trying to get to the bottom of how someone gained access in order to delete the entire WordPress site files and upload their own website. Luckily I made a back up of everything when I inherited this site. The site is hosted on cPanel but unfortunately there are no logs as to access to cPanel itself and so it is a possibility that someone broke in there and used the file manager to delete the site. The FTP logs show no activity.

    So really I wanted to ask if it is actually possible to delete the whole site files from within WordPress itself either through a vulnerable plugin or even a security flaw from an out of date WordPress version?

    The plug-ins used to construct this site are Elementor, Elementor Pro, Timeline Widget for Elementor, Smush, Safe SVG, Enable Media Replace, GA Google Analytics, UpdraftPlus Backup/Restore. All we’re about 2 years out of date.

    I know that out of date plugins can present all manor of vulnerabilities such as uploading files etc but I’ve never heard of a security flaw that allows the complete removal of the existing WordPress website.

    Maybe this is commonplace but I haven’t found anything when searching. Is this something you’ve experienced?

    Thanks

    • This topic was modified 12 months ago by cannon303.
Viewing 16 replies (of 16 total)
  • Thread Starter cannon303

    (@cannon303)

    Hi Tuhin the cPanel login page doesn’t offer a password reset link unless there is a different login page somewhere that I do not have access to. The address to cPanel that I have been given isn’t the usual domainname.com/cpanel but instead it’s an addess using the IT company URL. Regarding your second question, I no longer have access to cPanel so cannot see that info without requesting it but I can tell you it certainly won’t contain my email address. All I have is a username and now an out of date password.

Viewing 16 replies (of 16 total)
  • The topic ‘Entire WordPress site files deleted’ is closed to new replies.