Security Issue

  • drtux2684

    (@drtux2684)


    3 weeks ago

    My WordPress dashboard is inaccessible and only open for access from the local network. However, someone was able to log in as an admin in two attempts through the WooCommerce my-account link. The logs only show admin-ajax.php being called. In this situation, what security measures should I take? What are your recommendations?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi @drtux2684 ,

    First of all you should always keep your themes, plugins and WP version up to date. Do a backup first.

    Change admin user passwords, your ftp passwords and database password

    You can also install a security plugin like Wordfence and run a vulnerability scan

    You can also contact your hosting provider and ask to run a malware scan

    Thread Starter drtux2684

    (@drtux2684)

    Hi @mafnah

    Thanks for your comment. I have already Wordfence, I don’t use FTP server on my server. I always run malware scan tools and my plugins are up to date. My wp was hacked by “my-account” which is included in Woocommerce plugin.

    Welcome @drtux2684,

    Do you have any Woocommerce template overrides in your theme or it’s the default Woo account page?

    If it’s the default one I think the best thing you can do is to contact the Woo support team and let them debug. https://www.ads-software.com/support/plugin/woocommerce/

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.