Title: Solution to recent security issue? Last modified: December 16, 2021 --- # Solution to recent security issue? * Resolved [alyanna](https://wordpress.org/support/users/alyanna/) * (@alyanna) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/) * My site was affected by the recent security issue and I’ve lost access. I tried following the link suggested — [https://wordpress.org/support/topic/recent-security-issue-2/page/5/#post-15148074](https://wordpress.org/support/topic/recent-security-issue-2/page/5/#post-15148074) but I can’t access the post as the topic is closed. * Would someone be kind enough to repost the solution here? * Thank you! Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/solution-to-recent-security-issue/page/2/?output_format=md) [→](https://wordpress.org/support/topic/solution-to-recent-security-issue/page/2/?output_format=md) * Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/) * (@stevejburge) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149392) * Hi [@alyanna](https://wordpress.org/support/users/alyanna/) * We really apologize for that. * There was a window of about 24 hours when this issue was exploited between December 7 and December 8. That window was closed by WordPress.org sending out auto-updates with the security fix. * So, I’m speaking with incomplete knowledge as the issue is still fresh, but a typical attack seemed to have two possible parts: * – A new user was created on December 7 or 8. – A plugin was uploaded called “ wp-striplple”.`You may need to check the /wp-content/plugins/ folder to find it. * Please check for this two issues. If you find either, it might be good to also run a general security scan. * Thread Starter [alyanna](https://wordpress.org/support/users/alyanna/) * (@alyanna) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149400) * Hi Steve, thank you so much for the prompt response. * I saw the new users created, and was able to delete them through the MySQL database. There isn’t a plugin called “wp-striplple” in my plugins folder. * I tried restoring my files from a backup from 12/08 and the site still doesn’t load. It keep redirecting to [https://track.trainresistor.cc/](https://track.trainresistor.cc/) * Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/) * (@stevejburge) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149417) * Hi [@alyanna](https://wordpress.org/support/users/alyanna/). December 8 was inside the 24 hour window for the hack, so it might be wise to go back a day or so earlier. * Thread Starter [alyanna](https://wordpress.org/support/users/alyanna/) * (@alyanna) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149424) * I tried restoring it from 12/06 and flushing the cache, however it still doesn’t work. However, my host’s restore option has a note that it doesn’t remove files added after the backup. * I’m at a lost as to how to get my website (ecommerce store) back up and running. Trying to access the wp-admin url now redirects to bing.com The main page redirects to trainresistor still * Thread Starter [alyanna](https://wordpress.org/support/users/alyanna/) * (@alyanna) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149427) * Do I have to restore my database as well? * Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/) * (@stevejburge) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149441) * [@alyanna](https://wordpress.org/support/users/alyanna/) In this case, the database is more important than the files. * It’s possible that your homepage URL has been changed in the wp_options table in the database. * Thread Starter [alyanna](https://wordpress.org/support/users/alyanna/) * (@alyanna) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15149456) * Thank you so so so much that solved the problem!!! * [Carlos Serra](https://wordpress.org/support/users/carsermil/) * (@carsermil) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15150527) * A customer told me that the website was not working. Before restoring the website I did some research and I found you. I have restored the website and the database to 12/6 and perfect, everything working fine and the plugin updated to version 2.3.2. Thank you all for the solution. * [Tonnetje](https://wordpress.org/support/users/tonnetje/) * (@tonnetje) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15150706) * I have the same issue. Yesterday my site was hacked and I restored a backup, all working again 9/12. Today I get the [https://track.trainresistor.cc/](https://track.trainresistor.cc/) * After restoring backup. Which version of WP should I upgrade to and should I restore a backup again? Or can I do something else? Thanks * [Carlos Serra](https://wordpress.org/support/users/carsermil/) * (@carsermil) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15150805) * I’ll explain how I did it. I have restored a complete copy of 12/6, with complete I mean the web and the database. Once the website is restored, I immediately update the PublishPress plugin from version 2.3 to 2.3.2, if you do not update this plugin the same thing will happen. * Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/) * (@stevejburge) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15152049) * Thanks for your helpful feedback [@carsermil](https://wordpress.org/support/users/carsermil/) [@tonnetje](https://wordpress.org/support/users/tonnetje/) [@alyanna](https://wordpress.org/support/users/alyanna/) * We really apologize for this issue and are grateful for you posting here. Our team is avaiable and happy to help. * Any backup copies of your site from before December 7 are likely to unaffected by this issue and will be safe to restore. * [Tonnetje](https://wordpress.org/support/users/tonnetje/) * (@tonnetje) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15152120) * Thank you, I’ve restored a backup from before 7/12 and updated the plugin. It seems to work now! Hope that’s it. * Plugin Author [Steve Burge](https://wordpress.org/support/users/stevejburge/) * (@stevejburge) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15152227) * That’s great to hear, thanks [@tonnetje](https://wordpress.org/support/users/tonnetje/) * [thuansky](https://wordpress.org/support/users/thuansky/) * (@thuansky) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15153091) * I have successfully fixed my website [https://thacnuocphongthuy.vn/](https://thacnuocphongthuy.vn/), it is redirected only when you login with admin account. here’s how I fixed it: I first read [@stevejburge](https://wordpress.org/support/users/stevejburge/)’ s warning and followed it to find the error, but I couldn’t find any user or wp-striplple plugin directory. * I decided to delete the entire sql to use the old spl that was backed up before it crashed. * Then I went back to the plugin folder and there was a new folder called “wp-romain” appeared, after viewing the code I saw wp-striplple with the owner site path ( I deleted it quickly) Too bad I forgot to save the website link in time) * and everything was back to normal. - This reply was modified 4 years, 4 months ago by [thuansky](https://wordpress.org/support/users/thuansky/). * [parhamm](https://wordpress.org/support/users/parhamm/) * (@parhamm) * [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/#post-15154849) * Also, with the help of my host provider, we realized that once you get into the database file, under wp_option table is where the WordPress URL is indicated. This is where URL redirect injection normally happens and where hackers change it. You just need to change it back to your own URL. Good luck to anyone who encounters this problem. Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/solution-to-recent-security-issue/page/2/?output_format=md) [→](https://wordpress.org/support/topic/solution-to-recent-security-issue/page/2/?output_format=md) The topic ‘Solution to recent security issue?’ is closed to new replies. * ![](https://ps.w.org/capability-manager-enhanced/assets/icon-256x256.png?rev= 3408171) * [PublishPress Capabilities - User Role Editor, Access Permissions, User Capabilities, Admin Menus](https://wordpress.org/plugins/capability-manager-enhanced/) * [Frequently Asked Questions](https://wordpress.org/plugins/capability-manager-enhanced/#faq) * [Support Threads](https://wordpress.org/support/plugin/capability-manager-enhanced/) * [Active Topics](https://wordpress.org/support/plugin/capability-manager-enhanced/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/capability-manager-enhanced/unresolved/) * [Reviews](https://wordpress.org/support/plugin/capability-manager-enhanced/reviews/) * 23 replies * 9 participants * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * Last activity: [4 years, 4 months ago](https://wordpress.org/support/topic/solution-to-recent-security-issue/page/2/#post-15170773) * Status: resolved