You could rename the plugins folder (in wp-content), but since you have no FTP access, that is harder. If you have File Manager access via your hosting cPanel, use that to rename the folder. But no bypass of a login via a GET/POST – that would be a serious security problem. Most likely, a plugin … Read more
It looks like one of your plugins/themes is vulnerable and allows anyone to modify your database. For example ThemeGrill themes have such vulnerability lately. Another possibility is that your site got hacked and there’s some backdoor placed on it. In both cases you should: check all your site clean it update it secure it.
Should I prevent access to .htaccess and wp-config.php files?
Goto PHPmyadmin. Click on Database and run the following SQL query: UPDATE wp_posts SET post_content=(REPLACE (post_content, ‘https://js.xxxxxxx.ga/stat.js?n=ns1’,”)); The above contains the js script src. We are just removing that. This happens due to many reasons. And you have to find out the exact source of infection. This is mostly occurs in pirated/ nulled themes. Well … Read more
Most definitely, all user names changed to admin I’m guessing ? I had this happen to an old website before. If available, I recommend recovering from a backup just in case they injected code in your posts / pages. I also recommend updating your plugins, templates and WordPress to the latest version and removing old … Read more
You should add a reCaptcha to your form, follow this tutorial: https://formidableforms.com/add-recaptcha-wordpress-contact-forms/
Look into adding a constant check at the top of the script: if ( ! defined( ‘ABSPATH’ ) ) { exit; // Exit if accessed directly } See: https://stackoverflow.com/questions/43212340/what-is-meant-by-if-defined-abspath
It looks like some javascript or advertising feature may redirecting visitor again and again. You should try debug it from browser console. Try to look after javascript events. Or reveal your domain for community to help you. Or if you know ask for help experienced programmer to solve your issue. Because, there are many reasons … Read more
Spam Content Serving from old cached version of site?
Websense blocks based on URLs, not on site content. You can use their Site Lookup tool to have it fixed: http://www.websense.com/sitelookup/ You’ll have to register with their site.