I just logged into a client’s WP backend after I noticed a weird blog post. I checked the author name, and it was a name I didn’t recognize.
Went to check users, and there were 1000+ admins. This client rejected my suggestions to get Wordfence and HideMyWpGhost last year after I recovered the site from a hack.
I am deleting the users, but what else do I do?
I’ll find time to go through Plesk tomorrow to see if there are any unusual new files.
Is the client paying you for maintenance? If so, insist on Wordfence. Or just install it anyways.
Otherwise, charge for your time.
If the client allows it, install the Members plugin and set up roles so that only users with a certain role can write/add blog posts or become admins. I would lock down the site au complet. But only after you’re sure the site isn’t hacked, of course.
If your client isn’t listening to you, the problem will keep happening. Maybe you need to get them to sign a waiver that they refused to use a security plugin etc. Plus their hosting could kick them off if they’re not taking measures to keep the site secure.
Does or did the site have the Elementor plugin installed?
There was a notorious Elementor hack that allowed admin creation.
Oh man. This website and maybe the server are hosed.
You need to do a merge and compare of all the files with an old backup. WinMerge.
But then you have to wonder if the server is compromised.
IMHO you didn’t remove the ‘hack’ completely. Prob some obscure function stated behind that if someone visits domain.com/4÷×%<654=%>8>^%××@%8&<9(%’xvni8754edfyhgiigsdj8tfviudhj7nnfdcjid a new admin is created..
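The backup comparison suggested in the replies can be scripted rather than done by eye. This is an added example, not code from any poster in the thread; the function names (`compare_trees`, `php_in_uploads`) and the sample file trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return hashes

def compare_trees(backup_root, live_root):
    """Files added, modified and removed in the live tree versus the backup."""
    old, new = tree_hashes(backup_root), tree_hashes(live_root)
    return {
        "added": sorted(set(new) - set(old)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
        "removed": sorted(set(old) - set(new)),
    }

def php_in_uploads(paths):
    """PHP files under wp-content/uploads deserve a manual look first."""
    return [p for p in paths if p.startswith("wp-content/uploads/")
            and p.lower().endswith((".php", ".phtml"))]

def build_sample(root, files):
    """Write a constructed sample tree (relative path -> content) under root."""
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)

def demo():
    """Run the comparison on two constructed trees with placeholder content."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as live:
        build_sample(backup, {"readme.html": "docs",
                              "wp-includes/functions.php": "<?php // original"})
        build_sample(live, {"wp-includes/functions.php": "<?php // changed",
                            "wp-content/uploads/2024/cache.php": "<?php // placeholder"})
        return compare_trees(backup, live)

if __name__ == "__main__":
    report = demo()
    print(report)
    print("review first:", php_in_uploads(report["added"] + report["modified"]))
```

A file comparison only covers the filesystem; the extra admin accounts live in the WordPress database and have to be audited there. The backup also has to predate the first compromise, otherwise anything planted earlier appears in both trees and is not reported.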