There has been a lot published recently about a new WordPress admin hack, in which unknown users show up in your WordPress dashboard as administrators. Needless to say, this is dangerous and detrimental to your site, let alone your product, service, and brand.
Stopping The WordPress Admin Hack
When faced with this hack, here are the steps the Trinity Web Media WordPress Development team takes to eliminate and mitigate the risk.
(Perform all steps if you suspect your site has been compromised or is vulnerable to attacks of any type, including this WordPress admin attack.)
1. Update all themes and plugins
2. Change all WordPress passwords (Please never use the username: admin or the password: password or password123)
3. From your site’s cPanel change all FTP passwords
4. While in cPanel, change the password of the database user associated with the site. This is done from MySQL in the cPanel. If you are not sure which username is used, open up your wp-config file and it will be listed. Also, keep the wp-config file open and replace the database password with the newly created password. This MUST be done or your WordPress site will throw an error.
5. From the WordPress dashboard, go to Settings > General and make sure the membership box is unchecked.
6. Look within your site’s root directory on your hosting server for any miscellaneous .php or .exe files that are out of the norm. If discovered, delete at once.
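For step 6, if your host gives you shell (SSH) access, the check can be scripted. The following is an added example, not part of the original steps: it compares the .php and .exe files in the site root against the root-level files a stock WordPress install ships with, and prints anything else for manual review. The function name and the file names mentioned in its comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example for step 6: list .php/.exe files in a WordPress site root
# that are not part of a stock install, so they can be reviewed by hand.

# Root-level PHP files shipped by WordPress core, plus wp-config.php,
# which is created during installation.
WP_ROOT_FILES="index.php wp-activate.php wp-blog-header.php
wp-comments-post.php wp-config.php wp-config-sample.php wp-cron.php
wp-links-opml.php wp-load.php wp-login.php wp-mail.php wp-settings.php
wp-signup.php wp-trackback.php xmlrpc.php"

# find_unexpected_root_files DOCROOT   (hypothetical helper name)
# Prints one file name per line; prints nothing when the root looks stock.
# Returns 2 if DOCROOT is not a directory.
find_unexpected_root_files() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "not a directory: $docroot" >&2
        return 2
    fi
    # -maxdepth 1: only the site root, as in step 6.
    # -iname: also catches upper-case extensions such as .PHP or .EXE.
    find "$docroot" -maxdepth 1 -type f \( -iname '*.php' -o -iname '*.exe' \) |
    while IFS= read -r path; do
        name=${path##*/}
        known=0
        for core in $WP_ROOT_FILES; do
            if [ "$name" = "$core" ]; then
                known=1
                break
            fi
        done
        if [ "$known" -eq 0 ]; then
            printf '%s\n' "$name"
        fi
    done | LC_ALL=C sort
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    find_unexpected_root_files "$1"
fi
```

A file on the list is not automatically malicious (some hosts and plugins add their own root-level files), so check each one before deleting it.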
Once all the steps are completed, we recommend performing a site check with Sucuri SiteCheck. This final step will ensure that your site is free of malware and no damage was done to the site.
Yes, this seems like a lot, but once your site is locked down and secure you have peace of mind that your site is free from this attack and service will remain as normal.
If you have any questions, or feel like these instructions are too technical for you, please feel free to contact us for help.