WordPress admin username changed to html404
-
Posting this as a public service alert and to provide a place for others to report same issue. Two other sites are affected as of 2018.01.10, both reporting here on *Wordpress.com* forum: my-wordpress-username-has-changed-to-html404
My client’s admin account was hacked this morning. Symptom: admin user account name replaced with ‘html404’
Site is running a selfhosted version of wordpress, 4.9.2, NOT tied to a wordpress.com account.
I immediately:
– logged in and confirmed user html404 appeared in user list.
– opened the html404 user profile in the profile editor
– logged user out of all sessions
– changed the user email and password
– created another admin profile to replace the hacked profile
– deleted the hacked profile, attributing all its content to the new
admin profileI’m still in the process of conducting a forensic analysis on the website access logs. Will post findings on this thread.
-
Moved to Fixing WordPress as it’s not an Everything else topic. Your client’s site was hacked.
I’m still in the process of conducting a forensic analysis on the website access logs. Will post findings on this thread.
These aren’t discussion forums but your client’s has a real problem. In the context of helping you delouse your client’s site please do post here.
In the context of a conversation? Please consider using your own blog instead and not here.
There’s not really any mystery to a hacked site. It’s always either vulnerable code, bad practices in passwords or bad hosting.
Please give this a good read.
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
When you have successfully deloused that site then consider giving this a read too.
- The topic ‘WordPress admin username changed to html404’ is closed to new replies.