davidhc

Ominous! ??

I see, so it has to be a query run through phpmysql? Can we select a delete the posts from here?

We’ve just been trying to do this with our hosts’ help, can’t see any obvious appearance of where they’re being created using the access log, although we’re not entirely sure we understood the log completely!

I think I may have figured something else out though that may be of use; they all contain tags that the user would have added. Selecting one relatively obscure tag that I believe would have only been entered for one post, does indeed filter to only one of the problematic posts.

What’s more, these posts all have the date of publishing as either 2012 or 2013. The earliest, and unaffected post, after this is from 2014.

So is it likely this isn’t to do with a hacking?

Hm odd, Wordfence wasn’t even installed when I checked. (We have recently transferred this domain to a new server so may be why?) Although were still receiving Wordfence blocked login emails :s

I’ve reinstalled it and its scan showed everything secure apart from the DNS change we made.

sitecheck.sucuri.net also showed no problems.

Any ideas? ??

How would we go about that?

In fact, we get quite a few emails from the Wordfence plugin for that domain about blocked login attempts…

Hi Tara, yeah there appears to be no difference in author. i.e there’s only one author.

Steve, just tried this, but has no effect on deleting the posts. Any ideas?