WordPress site compromised - old posts being added (4 posts)

  1. the_lar
    Posted 2 years ago #

    Hi All,

    We have just noticed in the last 2 days that some posts have been added to our WordPress website. The posts are being created with old creation dates of 2010 but are available via the monthly archives. The posts themselves contain links to casino websites.

    We noticed 4 pages yesterday which were immediately removed, these had been created using an Administrator account, ours in fact which has a very strong password and is NOT named 'admin' - we removed this account immediately and created another Administrator account. Today a new post was created and this one has no associated author, it's completely blank.

    I haven't been able to find much information about any kind of hack that allows posts to be created but I can only assume that one exists and that my site has it. I'm pretty diligent when it comes to security, I never use the 'admin' account and I use very strong passwords. WordPress is 3.5.1 and I have the following plugins installed and running:

    CMS Tree Page View
    Google Analytics for WordPress
    MapPress Easy Google Maps
    More Taxonomies
    More Types
    Post Types Order
    Simple Fields
    Visual Form Builder
    WordPress HTTPS

    Does anyone know of any exploits in the above plugins - all were downloaded via WordPress of course.

    I'm looking for some advice really, I am going to change the passwords for all user accounts and I am going to get the server host to change the FTP and the database credentials. Obviously I will update WordPress and all of the plugins too. Is there anything else I should be doing?

    To me this doesn't feel like a backdoor hack but I don't really know what it is - how can posts be created in WordPress which don't have any author? As far as I know this isn't possible via WordPress itself which points to the database access being compromised doesn't it?

    Any help gratefully received!

  2. Krishna
    Volunteer Moderator
    Posted 2 years ago #

  3. the_lar
    Posted 2 years ago #

    I am aware of this list as they appear frequently on this forum and the suggestions are either already done or are being done. I'm looking for some more specific advice on the fingerprint of this particular issue rather than a generic list of resources though.

    I take security very seriously but I've never come across a compromise which allows the compromiser to be able to add posts without an associated user name and wondered if any others had had similar experiences.


  4. esmi
    Forum Moderator
    Posted 2 years ago #

    We cannot help with this as we cannot examine your site's access logs. It's something you will need to discuss with your hosts.
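
The symptoms described in this thread (posts backdated to 2010, one with no author) can be triaged from the database as well as from access logs. The following is an added example, not part of the original thread: it assumes the default `wp_` table prefix and that an author-less post is stored with a `post_author` that has no matching `wp_users` row, and it runs against constructed sample rows in SQLite so that it works offline.

```python
import sqlite3

# Constructed sample rows standing in for wp_users / wp_posts (default "wp_" prefix assumed).
SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INTEGER, post_date TEXT,
                       post_title TEXT, post_status TEXT, post_type TEXT);
INSERT INTO wp_users VALUES (2, 'editor_example');
INSERT INTO wp_posts VALUES
  (101, 2, '2013-01-10 09:00:00', 'Genuine post A', 'publish', 'post'),
  (102, 2, '2013-02-03 14:30:00', 'Genuine post B', 'publish', 'post'),
  (103, 7, '2010-06-01 00:00:00', 'Backdated, author row gone', 'publish', 'post'),
  (104, 0, '2010-07-15 00:00:00', 'Backdated, no author', 'publish', 'post'),
  (105, 2, '2013-03-01 08:00:00', 'Genuine post C', 'publish', 'post');
"""

# Flags published posts whose author ID has no row in wp_users, or whose
# post_date is older than that of a post with a lower (earlier-assigned) ID.
QUERY = """
SELECT p.ID,
       u.ID IS NULL AS orphan_author,
       p.post_date < (SELECT MAX(q.post_date) FROM wp_posts q
                      WHERE q.ID < p.ID AND q.post_type = 'post'
                        AND q.post_status = 'publish') AS backdated
FROM wp_posts p
LEFT JOIN wp_users u ON u.ID = p.post_author
WHERE p.post_type = 'post' AND p.post_status = 'publish'
ORDER BY p.ID
"""

def suspicious_posts(conn):
    """Return {post ID: [reasons]} for posts matching either signal."""
    findings = {}
    for post_id, orphan, backdated in conn.execute(QUERY):
        reasons = []
        if orphan:
            reasons.append("author missing from wp_users")
        if backdated:  # NULL (no earlier post to compare with) is falsy
            reasons.append("post_date older than an earlier-ID post")
        if reasons:
            findings[post_id] = reasons
    return findings

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return suspicious_posts(conn)

if __name__ == "__main__":
    print(demo())
```

The date-versus-ID check is a triage heuristic: posts published from old drafts, imported content or deliberately backdated entries can also trip it, so flagged IDs still need to be matched against the server's access logs.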

Topic Closed

This topic has been closed to new replies.