Is my WP site being hacked?

My process for cleaning a hacked site includes

  • changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’)
  • updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes
  • use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
  • look at the generated pages source for things that shouldn’t be there.

There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/

It can be done, just takes a bit of work.

Related Posts:

  1. Could a user account with a stolen password compromised entire WP site?
  2. Verifying that I have fully removed a WordPress hack?
  3. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  4. Where to securely store API keys and passwords in WordPress?
  5. Why are passwords exportable as plain text in WordPress?
  6. Tips for finding SPAM links injected into the_content
  7. How is password strength calculated?
  8. Make password invalid once logged out of password-protected page
  9. What should I do about hacked server?
  10. How can I find security hole in my wordpress site?
  11. Can’t reset WordPress password
  12. Is the “lost password” feature truly a vulnerability?
  13. How to prevent bot or someone to modify any file automatically?
  14. Frontend Password change
  15. Is it possible to reduce the minimum character length for passwords?
  16. wp-config.php modified?
  17. Is there any point setting the keys and salts in wp-config.php?
  18. Suspicious Files
  19. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  20. When is wp_set_password() called or how to capture a password
  21. Moving away from MD5: Where to declare the custom global $wp_hasher?
  22. How to get WordPress to send Password Reset Link Email instead of New Password?
  23. Malware script in database post table only? [closed]
  24. Verifying that I have fully removed a WordPress hack?
  25. How can I safely hide the fact that my website runs on WordPress? [closed]
  26. My WordPress Websites are always under attack
  27. How to find exploited wordpress plugin [closed]
  28. Basic password protection without using users and roles
  29. How can I force a specific password?
  30. Can a WordPress administrator see other users’ passwords?
  31. Any known bugs that could cause disappearance of the wp_users table?
  32. On new server, site got hacked, permissions a bit strange? Please help
  33. Replace domain in database
  34. Remove hacked code – out of ideas! [closed]
  35. After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
  36. WordPress Database Re-installed (Hacked)
  37. Verifying that I have fully removed a WordPress hack?
  38. Password-protect feed and make it usable in major aggregators
  39. how to find the way they hacked my WP site
  40. How to set custom validation for WordPress Passwords?
  41. How to stop repeated hack on header.php of custom theme? [closed]
  42. My WP site and password was hacked, what to do? [closed]
  43. Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
  44. WordPress Hacks/Defacing [closed]
  45. How to get real password (before encrypt) when register a user?
  46. Directory to store secure file
  47. Can you alter the default wordpress strong password requirements?
  48. wp-salt.php and wp-cli.yml File present in public_html folder
  49. SSL Error: unable to get local issuer certificate
  50. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  51. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  52. How to redirect all HTTP requests to HTTPS
  53. What is the difference between a cer, pvk, and pfx file?
  54. How to solve “Kernel panic – not syncing – Attempted to kill init” — without erasing any user data
  55. What’s the best approach for generating a new API key?
  56. Is it possible to decrypt SHA1
  57. Simplest two-way encryption using PHP
  58. Why does the URL http://a/%%30%30 crash Google Chrome?
  59. what is a auth_user_file.txt?
  60. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  61. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  62. Error `sec_error_revoked_certificate` when viewed in Firefox only
  63. How to view PHP on live site
  64. Convert .pfx to .cer
  65. how fix “this certificate cannot be verified up to a trusted certification authority”
  66. Can an attacker use inspect element harmfully?
  67. Where does Internet Explorer store saved passwords?
  68. How can bcrypt have built-in salts?
  69. Is moving wp-config outside the web root really beneficial?
  70. Hide the fact a site is using WordPress?
  71. Infected Files – what to do [closed]
  72. Getting a List of Currently Available Roles on a WordPress Site?
  73. WordPress 4.7.1 REST API still exposing users
  74. Can I Prevent Enumeration of Usernames?
  75. Best way to eliminate xmlrpc.php?
  76. What’s the easiest way to stop WP from ever logging me out
  77. Should I escape wordpress functions like the_title, the_excerpt, the_content
  78. Why should I use the esc_url?
  79. Should I remove install.php and install-helper.php?
  80. Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
  81. How safe / sanitized is wp_insert_posts()?
  82. Why does WordPress need my private ssh key to update?
  83. When to use esc_html and when to use sanitize_text_field?
  84. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  85. Are Nonces Useless?
  86. What is the difference between esc_html filter vs attribute_escape filter?
  87. Why escape if the_content isnt?
  88. Why does WordPress have more than one salt?
  89. What is the ideal setup to address security concerns?
  90. Will there be security updates for 3.1 once 3.2 is released?
  91. What’s the difference between esc_* functions?
  92. Full path disclosure on rss-functions.php
  93. What to use instead of wp_kses() in user output
  94. Enforcing password complexity
  95. How to set up fail2ban with WordFence?
  96. How do I technically prove that WordPress is secure?
  97. Are the default salts secure?
  98. is_email() VS sanitize_email()
  99. multi page password protection
  100. WordPress it’s cleaning a custom query_var to avoid sql injections?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)