My WP site and password was hacked, what to do? [closed]

Nice job recovering your password, however, the exploit probably still exists so you might get hacked again.

Your next step is to find and seal up the security hole. It could be a plugin. It could be a theme.

Download and run the Sucuri plugin to help you figure it out.

Related Posts:

  1. Security and .htaccess
  2. What does a security risk in a plugin look like?
  3. Security issues with WP sites
  4. Preventing BFA in WordPress without using a plugin
  5. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  6. How to delete Passwrd Protected posts cookies when a user logged out from the site
  7. Headers Content-Security-Policy CSP Major Issue
  8. Hack-Proof OR Security in WordPress — is it real?
  9. Specific way to allow WordPress users to view their current password? And edit it?
  10. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  11. Website show Google Ads when we have no Google Ads linked to our website
  12. WordPress disable direct access of files in WordPress installation path
  13. How to delete Password Protected posts cookies when a user logged out from the site
  14. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  15. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  16. What are the common security flaws I need to look for? [closed]
  17. Why “Contact Form 7” doesn’t update PHPmailer library?
  18. How to stop wordpress from changing default .htaccess permissions to 444
  19. How to make media upload private? [duplicate]
  20. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  21. WordPress Capabilities: edit_user vs edit_users
  22. Add new password rule to Ultimate Member register form
  23. login to wordpress with Get variables instead of Post
  24. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  25. Should I use RIPS tool to test my themes and plugins?
  26. Is it possible to block subscriber users to changing its password?
  27. Problem protecting a page with a password
  28. Why users disable the WordPress update?
  29. How many security plugins are too many? [closed]
  30. Will WordPress username displayed somewhere in the site?
  31. Upgrading WordPress 4.0 asks for FTP password
  32. Is revealing just the AUTH_KEY a security issue?
  33. How Restrict access to admin dashboard by specific static ip?
  34. Protecting against malicious code in WordPress plugin updates
  35. Is there any good tutorial to write custom login, registration and password recovery forms? [closed]
  36. htaccess and wordpress config files are regularly over written
  37. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  38. How to limit WordPress pages during updates?
  39. WordPress redirect all 404 pages to the Homepage
  40. rms_unique_wp_mu_pl_fl_nm.php
  41. How can I serve a text file at a custom URL
  42. Security checking in meta_box save is reluctant?
  43. The safest way to automate WordPress backups
  44. wp_create_nonce function doesn’t work inside a plugin?
  45. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  46. Nonce failing on form submission
  47. Reoccurring 404 Errors on all subpages
  48. Is there a directory my plugin can write files to that cannot be viewed via the browser/url?
  49. My WordPress website was hacked [closed]
  50. Some one is trying to hack my website, Need guidance [closed]
  51. I should enable automatic updates?
  52. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  53. Prevent direct access to WordPress plugin assets?
  54. Completely disabling password reset/recovery
  55. Too many login attempts
  56. Custom API plugin to execute 3rd party API to retrieve data
  57. How to deal with Slow HTTP POST (slowloris) vulnerability
  58. Running multiple security plugins
  59. how do I secure my WP website from hackers? [closed]
  60. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  61. Webservice credential storage [duplicate]
  62. WordPress rewrite rules not working
  63. Regarding plugin security
  64. Is this plugin safe to run?
  65. Is the Block Bad Queries Plugin Still Relevant?
  66. Hide plugins and theme from public
  67. Security of a WordPress Plugin
  68. Create Woocommerce account password post-checkout on thank you page
  69. Automatic chage password of pages after some time
  70. prevent anonymous access to WordPress site (non-admin site)
  71. wp_set_password() does not work!
  72. Blocking wp-login in HTACCESS has also blocked password protected pages
  73. How to allow URL with filename & extension in wordpress?
  74. Bing/msn bots is heavily requesting random of my website
  75. How To Use htaccess to Rewrite Link Structure for a Page that is Generated Programatcially
  76. WP Migrate DB Pro plugin cannot transfer Media files to remote server
  77. Password Protect wp-content?
  78. Securing a plugin pop-up window
  79. URL Rewrite 404
  80. .htaccess file doesn’t work, with hundred tries
  81. Help Code Review – I need to write on .htaccess file from theme’s function.php
  82. How to add subdomain to htaccess
  83. How can i see/log all requests coming from a registration form (not from the UI)?
  84. Write mysql credentials in plugin
  85. Site is continuously accessing by several IPs
  86. using .htaccess only for wordpress security no plugins
  87. SWF in wordpress post
  88. Apache rewrite rules and wordpress problem
  89. Unwanted Links and Spam WordPress Pages and Posts
  90. incorrect path of plugin dir on network
  91. Alter the reset password link
  92. Could a user account with a stolen password compromised entire WP site?
  93. File permissions for wp-minify plugin
  94. What is the recommended way to be notified of security updates to my plugins? [closed]
  95. Is my WP site being hacked?
  96. Please Check this ‘.htaccess’ File
  97. Allow direct access to files/folders within WordPress to replace wp-admin
  98. WordPress website is redirecting on some different shopping page
  99. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  100. Block Root REST API Route using custom &/or iThemes
tech