WordPress 2.6.2 got hacked
-
My WordPress 2.6.2 got hacked today. I have no idea how exactly. But I found this in my stats:
07:16:17 ->/wp-login.php
07:16:21 ->/wp-login.php?action=lostpassword
07:16:24 ->/wp-login.php?action=lostpassword
07:16:25 ->/wp-login.php?checkemail=confirm
07:17:20 ->/wp-login.php?action=rp&key=Ix9moYvBmI0DiDnKwp6j
07:17:20 ->/wp-login.php?checkemail=newpass
07:17:54 ->/wp-login.phpI have an email around the same time about a password change. And while I was still logged in myself, I found out (later) the email address of the admin had been changed.
I’ve since deleted some plugins (which I think weren’t the problem) and added secret keys to the wp-config. Is this enough or am I still vulnerable?
- The topic ‘WordPress 2.6.2 got hacked’ is closed to new replies.