Thanks a lot for your analysis. The site is not operative yet so most probably in was hacked.
It’s strange though that the site was auto-updated to the version 4.2.5 which is not supported. While in the same auto-update email it was indicated that “WordPress 4.3.1 is also now available”. Why not auto-update at once to the most fresh version?
Can it happen that the security releases with 4.2.5 triggered the alarm concerning absence of the indication in the wp-config.php of the second user of the data base?
In general, should I indicate in the wp-config.php the second user of the data base?
And will it be safe to update to 4.3.1 immediately after the autoupdate to 4.2.5?
I’m aware that I probably should open new topics for these questions.
