advice Is this wordpress hack ?

Isac · May 13, 2017

Someone Registered on my wordpress website shoutscoop.com but as per my website Membership settings " No User can register " . This is an email i got "

WordPress [email protected] via cp-in-10.webhostbox.net
to me

New user registration on your site Shout Scoop:

Username: odislav48

Email: [email protected]

.
.
when i opened my website and checked user i was shoked to see " he is registered as an Administrator ". So i quickly removed . I didn't understand whats going on ?

maya-zir · May 13, 2017

delete him and scan you wp files or ask your host support scan it

Constantin S · May 13, 2017

Are your registrations active? (you can check at yourwebsite.com/wp-admin/options-general.php, "membership" must not be active)
Also set "New User Default Role" to subscriber just in-case.

MasterOfMyDomains · May 13, 2017

I would get your hosting company to suspend hosting account until you can verify not files have been added.
Go to google and search
Site:domainname.ext
To make sure content has not been added.

deez007 · May 13, 2017

Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

maya-zir · May 13, 2017

I tell you what I do in these cases.
I have back up of all my wp site, so I just set TEMP NOT AVIABLE and quickly reupload my clean files

arjun29 · May 13, 2017

Try these 3 plugins:

Limit login(free)
Sucuri (paid)
BWS captcha(paid)

I have been using them for a long time. I have also disabled registration with .ru domains.

MasterOfMyDomains · May 13, 2017

How many sites on that hosting account?

It may not be your site that got hacked but your hosting control panel

Isac · May 13, 2017

Constantin S said:
Are your registrations active? (you can check at yourwebsite.com/wp-admin/options-general.php, "membership" must not be active)
Also set "New User Default Role" to subscriber just in-case.

Membership is not active and infact Newuser default role is also on Subscribe mode. I don't still know how he became administrator

Isac · May 13, 2017

deez007 said:
Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

OK will do that

Isac · May 13, 2017

mayazir said:
I tell you what I do in these cases.
I have back up of all my wp site, so I just set TEMP NOT AVIABLE and quickly reupload my clean files

But unfortunately i didn't have backup

Isac · May 13, 2017

arjun29 said:
Try these 3 plugins:

Limit login(free)
Sucuri (paid)
BWS captcha(paid)

I have been using them for a long time. I have also disabled registration with .ru domains.

Will check them now. Thanks

Isac · May 13, 2017

MasterOfMyDomains said:
How many sites on that hosting account?

It may not be your site that got hacked but your hosting control panel

Its shared hosting

Furquan · May 13, 2017

To prevent anyone from registering into your site, you should go to the general settings page in your dashboard and uncheck "anyone can register". You should also delete the above-mentioned user from your user list for security.

maya-zir · May 13, 2017

wordfence already has login limits

Isac · May 13, 2017

Furquah said:
To prevent anyone from registering into your site, you should go to the general settings page in your dashboard and uncheck "anyone can register". You should also delete the above-mentioned user from your user list for security.

I have deleted him and it was already unchecked

Furquan · May 13, 2017

Isac said:
I have deleted him and it was already unchecked

Then you don't need to do anything. Just be careful & always have strong password.

Constantin S · May 13, 2017

Isac said:
Membership is not active and infact Newuser default role is also on Subscribe mode. I don't still know how he became administrator

I recommend you to reset your hosting password (my hosting: ipage, also have been hacked just about 10 days ago).

MasterOfMyDomains · May 13, 2017

I mean how many names do you have built out in wp with your hosting account?
Access can be made through your cpanel, is there only one name you have developed in your cpanel?

Furquan · May 13, 2017

Constantin S said:
I recommend you to reset your hosting password (my hosting: ipage, also have been hacked just about 10 days ago).

Could you tell me,
How it will be possible to hack website hosting account.

Or you are just telling to change WordPress website password.

Constantin S · May 13, 2017

Furquah said:
Could you tell me,
How it will be possible to hack website hosting account.

Or you are just telling to change WordPress website password.

I've checked my hosting's login history and there was 2 susupicious logins, so I'm confident that the HOSTING was hacked, not my website.

MasterOfMyDomains · May 13, 2017

Who knows how its possible. Its possible. Once someone gets into cpanel, they can add files to and site hosted in that cpanel without even visiting your website.
Weak plugin, maybe old site you had built via that cpanel left a security risk. Even though you deleted all files.
Again, the cpanel you access via your hosting provider, how many domains are there?
Just watching cnn some hack job going down. These guys never stop trying to find a way to hack anything
Malicious content can kill your name

Isac · May 13, 2017

deez007 said:
Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

Just Installed wordfence

Furquan · May 13, 2017

Constantin S said:
I've checked my hosting's login history and there was 2 susupicious logins, so I'm confident that the HOSTING was hacked, not my website.

But this is another one, you where got targeted because of some security hole in your website or via some other website which was in the same network.

It's a different case, as @Isac has unchecked "Anyone can register". He is no way get any message again.

Furquan · May 13, 2017

Isac said:
Just Installed wordfence

Now uninstall all the VPN services, as you are going to lock your site by yourself, lol

advice Is this wordpress hack ?

Top Member

Top Member

Top Member

WVWTop Member

The More I Learn The Less I "Know"Top Member

Top Member

Top Member

WVWTop Member

Top Member

Top Member

Top Member

Top Member

Top Member

JokerTop Member

Top Member

Top Member

JokerTop Member

Top Member

WVWTop Member

JokerTop Member

Top Member

WVWTop Member

Top Member

JokerTop Member

JokerTop Member

Similar threads

We're social

Pinned

Appreciation

Agreement