Reporting security vulnerabilities and my site was hacked

Hacks can happen for a variety of reasons, from a compromised password all the way up to a compromised server. It doesn’t necessarily mean that there’s a new vulnerability in WordPress.

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

If you find that the vulnerability was in WordPress core, please follow these steps: https://make.www.ads-software.com/core/handbook/testing/reporting-security-vulnerabilities/

If you find that the vulnerability was in a plugin, please follow these steps: https://developer.www.ads-software.com/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

Hey James
We had this yesterday, too. all accounts were changed to user ?foxilitrix“ and the password was also changed.
Can you say if you have/had one or more of this plugins on all your sites installed:

– 404 All Redirect
– Popup Builder
– WooCommerce Orders Export (CSV)
– DateTime Picker Plugin
– Webp Generator
– WP Rocket
– Revolution Slider
– WPBakery / Visual Composer

Maybe we can find the malicious code with your help.