Sites are running on 2.7 with only some of the popular plugins all updated.
I even changed the wordpress prefix table.
Today..some of my sites were hacked by using the “Forgot Password” function. I received the notification by email.. when I checked the sites were hacked.
I then deleted everything and changed the login password via phpmyadmin.
How was it hacked (in general?) Was it done via RFI? code injection, etc.?
I had a totally different wordpress prefix, install “Login Locked down” plugin.
Anything else I should do to prevent this in the future?
- The topic ‘Site Hacked by using “Lost Password”’ is closed to new replies.