Hacker?

Probably, there’s always a hacker trying to get into your site

I have no idea what license.php is, so is this a hack?

Does this file exist in your root directory?

Sucuri shows you blacklisted.
https://sitecheck.sucuri.net/results/513.c62.myftpupload.com/

i only find license.txt. I had already changed my login page url, but somehow still managed to find my login page and tried signing in.

It’s a dumb robot that is stabbing in the dark

@kmessinger that domain is not the main domain for the website. Does it make a difference? I checked the main domain and according to sucuri, the main domain is not blacklisted.

The site I checked was the one on your profile.

Hi-

Do you have any security plugins installed and enabled? I personally like WordFence.

Here’s how I would go about cleaning up:

-Make sure you change your password to something really strong (uppercase/lowercase/number/character)

-Make a backup of your wp-content/themes/ folder

-Write down the plugins you have activated

-Download a fresh copy of the latest version of WP

-Using FTP, log into your server and delete all the WP core files and re-upload the fresh copies (including downloading all new plugin files and reuploading)

-Take a look at your home directory and make sure there are no “odd” files (you can compare what’s in the WP download folders with the folders on your server — if you find any discrepancies, proceed cautiously before deleting)

-Get new Salt keys (good article here: https://www.wpbeginner.com/beginners-guide/what-why-and-hows-of-wordpress-security-keys/)

That’s just a starting point. Depending on your level of technical skill, there are more advanced things you can do. But doing the above is a bare minimum.

@kmessinger
Both domains are directed to one IP address. I don’t understand how one would be blacklisted and the other one wouldn’t be.

@lisafoxnet
Thank you very much that was very helpful. I had already did a few things on that list. I will continue to complete the rest.