Support » Fixing WordPress » site hacked – post content changed

  • Hi,
    A site I am running has been hacked, there are no tell tale signs except a post titled “Hacked by…”. The post isn’t new, just the post content has been changed,
    with spammy links.
    It was running 4.7.1. The site didn’t auto-upgrade because I kept it manual. I haven’t enabled access to server user www-data(nginx), didn’t include ftp/ssh login info in wp-config.php
    I checked revisions, 3 exist, current revision done 9 hours ago.
    No passwords changed, or any other content taken down.
    I am thinking the last 4.7.0, 4.7.1 WP-REST API, content injection vulnerability https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
    But I want to be sure. I would clean it up and change system, wordpress passwords.
    Any pointers would be appreciated.
    Also any directions on how to securely enable auto-upgrade, write access to www-data, without putting these down in wp-config

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘site hacked – post content changed’ is closed to new replies.