Help site compromised

These guys have been on my case for the last 3 weeks, has any one else had these attacks before and found how they get in? I have pretty much done all kind of checks (see below) and cleared it numerous times.

They basically kick out everything in the root directory, and it just shows a index.html and their .htaccess file.

Even found them in the google search console, unknown user, who submit their sitemap, which in the worst case showed up on google … could it be google site kit? We work with ACF all custom builds (no themes) and try to keep plugins to a minimum.

Has anyone had these issue and managed to keep them out…

This is the console user

This is how your site shows up

As said I have done all the standard stuff, always have wordfence running by default, 2fa, brutforce settings harden… in addtion i have:

  • Review User Accounts
  • Reset All Passwords (Users / FTP and DB)
  • Checked wp-config.php and .htaccess for Any Modifications
  • Disable Theme Editor in WordPress Backend
  • Checked Permission Settings
  • Change Salts and Security Keys in wp-config.php
  • Hide Login url (since most keep on hitting this
  • disabled XMLRPC PHP
  • Block access to wp-config.php
  • I have scaned them with sucucri, total virus, kaspersky, quttera, etc…

Any suggestion / ideas will be really appreciated.These guys have been on my case for the last 3 weeks, has any one else had these attacks before and found how they get in? I have pretty much done all kind of checks (see below) and cleared it numerous times.They basically kick out everything in the root directory, and it just shows a index.html and their .htaccess file.Even found them in the google search console, unknown user, who submit their sitemap, which in the worst case showed up on google … could it be google site kit? We work with ACF all custom builds (no themes) and try to keep plugins to a minimum.Has anyone had these issue and managed to keep them out…As said I have done all the standard stuff, always have wordfence running by default, 2fa, brutforce settings harden… in addtion i have:

Review User Accounts
Reset All Passwords (Users / FTP and DB)
Checked wp-config.php and .htaccess for Any Modifications
Disable Theme Editor in WordPress Backend
Checked Permission Settings
Change Salts and Security Keys in wp-config.php
Hide Login url (since most keep on hitting this
disabled XMLRPC PHP
Block access to wp-config.php

I have scaned them with sucucri, total virus, kaspersky, quttera, etc…Any suggestion / ideas will be really appreciated.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer