Betso88 login register gcash philippines,Extreme88.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved achanne
(@achanne)

8 months, 2 weeks ago

Hi All,

I have a site in which, after activating an activity log plugin, I have discovered unauthorized admin account logins despite changing password multiple times, using long randomly generated passwords. I have already blocked xmlrpc.php using a plugin. When I checked visit logs in C-Panel, matching the suspicious login IP address and time to that recorded in the dasboard’s activity log (plugin), it looks like login was via example.com/wp-json/wp/v2/users (where example.com is our own url) which I think has something to do with REST API. It looks like the hacker was able to somehow login WITHOUT a password.

I understand I can easily disable the /wp-json/wp/v2/users but we NEED REST API because xmlrpc.php has been disabled (which helped reduce brute force attack) and we have plugins (such as Mail SMTP) that require connections to third party sites such as Google (where secret keys are used). How can I secure the site and still be able to use REST API?

Viewing 6 replies - 1 through 6 (of 6 total)

tavyDesign
(@tavydesign)

8 months, 2 weeks ago

Hello, check for php files in uploads, block run php files in that directory, delete all plugins and themes, and fresh install

Moderator James Huff
(@macmanx)

8 months, 2 weeks ago

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

Thread Starter achanne
(@achanne)

8 months, 1 week ago

Just to provide an update: I installed the plugin Wordfence, and it was able to block https://www.example.com/wp-json/wp/v2/users without preventing REST API from working.

Most likely, the hacker ran a program that grabs admin usernames and other data from /wp-json/wp/v2/users and then the program uses that info to log in without a password. So after blocking access (such as by installing Wordfence), it may be a good idea to change the username used for login rather than your password (although it doesn’t hurt to change that as well).

Moderator James Huff
(@macmanx)

8 months, 1 week ago

Would you please report that following the steps at https://make.www.ads-software.com/core/handbook/testing/reporting-security-vulnerabilities/ ?
spugh7591
(@spugh7591)

7 months, 3 weeks ago
Hello,

My site was hacked last year and the hacker was able to get administrative access and make him or her as an administrator under users on my WordPress website. Is that possible? I kept deleting it but they came back everyday while I was trying to protect the site. After the 3rd day they hacked me and I had redirects, external links etc. I do have to note that the previous owner of the website had user access as an administrator which I granted him because he was helping me with a few things on the site. What’s the probability that it was him and not someone else? Someone told me it had to be him because the hacker was in the users column with me and him.
- This reply was modified 7 months, 3 weeks ago by spugh7591.
- This reply was modified 7 months, 3 weeks ago by spugh7591.
Moderator James Huff
(@macmanx)

7 months, 3 weeks ago

It’s hard to know if you weren’t keeping audit logs @spugh7591 .

Follow the steps mentioned at https://www.ads-software.com/support/topic/hacking-unauthorized-admin-login/#post-17491836 and in the future, please open your own thread instead of jumping into someone else’s with an unrelated issue.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Hacking: Unauthorized Admin Login’ is closed to new replies.

Hacking: Unauthorized Admin Login

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics