Hi guys! This is now the second time my site seems to have been hacked. I noticed an user registration a couple of weeks ago named **wadminw**. By the time I noticed it I was already locked out of /wp-admin. Entering my site normally via URL worked but every other page redirected to the front page. Google results of my site redirected to some Chinese spam sites.
All infected files and the .htacces files got recreated when trying to delete them so I just restored the site from a backup. Did a scan with Wordfence and everything seemed fine.
This morning the same thing happened again. Although now, I seemed to have noticed it quick enough to not have been locked out of /wp-admin. So I deleted this user and recreated it with another email, password and set it to only being a subscriber. Hopefully that will keep this malicious user from logging in or registering again. Doing a Wordfence scan right now but everything seems to be fine.
So, what is this? How did it get into my site? Obviously, I have all the latest updates of all plugins and WordPress itself. Does anybody have this happening to them too? Did a quick google and found a couple of other people this has happened to. But not that many. What else can I do to prevent things like happening?
[ad_2]
Either through a security risk in your theme, a plugin, or your general WordPress installation. Less likely to have been through the host.
You are either using nulled plugin or theme, or you are on shared hosting and some other site which is on same server as this one is hacked and attacker gained access to your site as well..
You has a vulnerability. A plugin wasn’t updated in a timely manner or one of them is nulled.