Hello,
I have a wordpress website, and some time ago I noticed that a [“[email protected]](mailto:”[email protected])” was getting access to our search console. Looking fishy, I went and after that deleted the user and the HTML that he verified that. Informed the hosting company, and asked why this happened. And they just replied “oh its a google authorization” That felt very stupid, since even tho I’m not into IT for a long time it was very obvious.
Fast forward 2-3 weeks, I see on my analytics that some crazy pages were generated on my website and they are drawing traffic. Pages about casino games and basically spam landing pages. They are created with dated subfolders like “/2024/07/24/”.
The thing is that on my WordPress admin I cannot find those pages created. I cannot find them even with SSH on the hosting.
Did they somehow do this via a DB hack or something similar? (Just assuming.)
How do I proceed to clean this issue?
[ad_2]
It does sound like you’ve been hacked. Have you run a Wordfence scan? Review your plugins, remove anything that hasn’t received an update in the last 12 months.