Being hacked. Is there a list of WordPress security holes I can check against?

That’s very sad that you are experiencing this problem.

You can do the following things to solve the problem :

  1. Check every folder for a list of known backdoors such as C99.php, C100.php, Weevely.php. (You can do that by grep). And delete anything suspicious.
  2. Download WPSCAN and run it against your website to see if any known vulnerabilities are present in your website.
  3. If you are using any nulled plugins or themes. Delete them as soon as possibl.
  4. Keep your plugins and themes up to date even if you are not using them.
  5. Always keep a regular backup so that you can restore your website.

I hope my tips help you. And remember, about the known file structure of your website, Security is always better than obscurity.
It doesn’t matter if you have a known file structure until everything you are using is safe.

Cheers!

Related Posts:

  1. Security issues with WP sites
  2. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  3. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  4. Are WordPress Plugins essential?
  5. I found this in a plugin. What does it do? is it dangerous?
  6. What are the common security flaws I need to look for? [closed]
  7. Disabled plugins are they security holes – rumor or reality?
  8. What could a hacker do with my wp-config.php
  9. Why “Contact Form 7” doesn’t update PHPmailer library?
  10. Secure WordPress paid plugin
  11. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  12. What does a security risk in a plugin look like?
  13. How to generate/update a XML sitemap without plugins?
  14. WordPress Capabilities: edit_user vs edit_users
  15. Should we use plugins that aren’t available from the official WordPress site?
  16. Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
  17. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  18. Disabled plugins are security holes – rumor or reality?
  19. Should I use RIPS tool to test my themes and plugins?
  20. Prevent Brute Force Attack
  21. Why users disable the WordPress update?
  22. Intercept comment form submit/list by hook/filter
  23. How many security plugins are too many? [closed]
  24. Will WordPress username displayed somewhere in the site?
  25. Upgrading WordPress 4.0 asks for FTP password
  26. Is revealing just the AUTH_KEY a security issue?
  27. How Restrict access to admin dashboard by specific static ip?
  28. When is it useful to use wp_verify_nonce
  29. Protecting against malicious code in WordPress plugin updates
  30. How to limit WordPress pages during updates?
  31. rms_unique_wp_mu_pl_fl_nm.php
  32. Weird problems after recovery from security breach
  33. How can we deal with unmaintained plugins with vulnerabilities?
  34. Security checking in meta_box save is reluctant?
  35. Escape when echoed
  36. Preventing BFA in WordPress without using a plugin
  37. Is it dangerous to install unupdated plugins?
  38. How can I make uploaded images in the editor load with HTTPS?
  39. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  40. WordPress filter that hook after each action/filter hook
  41. The safest way to automate WordPress backups
  42. wp_create_nonce function doesn’t work inside a plugin?
  43. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  44. Headers Content-Security-Policy CSP Major Issue
  45. Nonce failing on form submission
  46. Why can’t I access my Intranet LDAPS with NADI?
  47. Stop Plugin Enumeration [closed]
  48. Hack-Proof OR Security in WordPress — is it real?
  49. Some one is trying to hack my website, Need guidance [closed]
  50. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  51. Security and Must Use Plugins
  52. Is Timthumb still broken? What security measures should be taken?
  53. Prevent direct access to WordPress plugin assets?
  54. Is it safe to use admin-ajax.php in the frontend?
  55. Specific way to allow WordPress users to view their current password? And edit it?
  56. Too many login attempts
  57. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  58. How to prevent plugins from sniffing/stealing other plugins’ options?
  59. how to activate a plugin inside a theme
  60. Website show Google Ads when we have no Google Ads linked to our website
  61. Custom API plugin to execute 3rd party API to retrieve data
  62. How to deal with Slow HTTP POST (slowloris) vulnerability
  63. Running multiple security plugins
  64. how do I secure my WP website from hackers? [closed]
  65. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  66. Webservice credential storage [duplicate]
  67. Regarding plugin security
  68. Want to modify a Plugin – Tweetily – Can I make it tweet a Custom Field instead of Post Title?
  69. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  70. Is this plugin safe to run?
  71. Is the Block Bad Queries Plugin Still Relevant?
  72. WP Insert Post If user refreshes override new post
  73. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  74. Hide plugins and theme from public
  75. WordPress search shows protected content
  76. Security of a WordPress Plugin
  77. Can I disable xml-rpc by setting it to false?
  78. Help to Create a Simple Plugin to make a post
  79. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  80. prevent anonymous access to WordPress site (non-admin site)
  81. Bing/msn bots is heavily requesting random of my website
  82. “Fire Secure” menu item
  83. Securing a plugin pop-up window
  84. https rewrite not working for All in one security Brute force > rename login url
  85. Redux framework somehow added to my site, can’t locate in plugins
  86. How can i see/log all requests coming from a registration form (not from the UI)?
  87. Write mysql credentials in plugin
  88. Site is continuously accessing by several IPs
  89. using .htaccess only for wordpress security no plugins
  90. SWF in wordpress post
  91. Unwanted Links and Spam WordPress Pages and Posts
  92. File permissions for wp-minify plugin
  93. What is the recommended way to be notified of security updates to my plugins? [closed]
  94. how woocommerce swatch color name when hovered or selected
  95. How I can hide my wp folders from Inspect Element (Developer Tools)
  96. How to Find WordPress site has backdoor login Codes
  97. How to delete Password Protected posts cookies when a user logged out from the site
  98. How to rename files during upload to a random string?
  99. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  100. Block Root REST API Route using custom &/or iThemes
techhipbettruvabetnorabahisbahis forumuedueduseduseduedusedueduedueduedu