Hi WordPressians, I need help with WordPress security.
I have a really simple landing page portfolio website, which I don't log into very often. Today, after almost 5 months, I logged into my WordPress dashboard and was shocked to find 201 blog posts. I was literally stunned.
I installed Bit File Manager but couldn't access the root directory due to a 307 error related to the backend. I then checked the htaccess file from cPanel for any unusual code but found nothing suspicious. I also checked the users in the WordPress dashboard, and there was no one listed except for me. I'm unsure how someone gained access to my dashboard.
The theme and plugins I’m using are:
- Bricks
- SEO Framework
- Site Kit by Google
- BBQ Firewall
- LiteSpeed Cache
- WP Vivid for backups
While writing this post, another blog post was added to my site, seemingly from someone in Brazil.
Note: I'm using a very strong password with 40 characters.
Install and activate wordfence. If you can go into the database and delete all users except yourself. Enable 2fa for admin in wordfence.
Also make sure on your account you dont have any “application passwords” or whatever they are called in the admin user page.
Like via a plugin vulnerability – my guess is it was this one https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/bricks/bricks-196-unauthenticated-remote-code-execution
You need to clean the site (Google “how to clean a malware infected WordPress site”). After that’s done, set all your plugins and theme to auto update. Don’t leave the site sitting for 5 months – you need to check it at least once a month.
Are these Posts appearing in your list of Posts, rather than comments listed on your dashboard that bots are posting (perhaps even if not visible on-page) to you page?