WordPress site compromised – old posts being added
We have just noticed in the last 2 days that some posts have been added to our WordPress website. The posts are being created with old creation dates of 2010 but are available via the monthly archives. The posts themselves contain links to casino websites.
We noticed 4 pages yesterday which were immediately removed; these had been created using an Administrator account, ours in fact, which has a very strong password and is NOT named ‘admin’. We removed this account immediately and created another Administrator account. Today a new post was created, and this one has no associated author; it’s completely blank.
I haven’t been able to find much information about any kind of hack that allows posts to be created, but I can only assume that one exists and that my site has it. I’m pretty diligent when it comes to security; I never use the ‘admin’ account and I use very strong passwords. WordPress is 3.5.1 and I have the following plugins installed and running:
CMS Tree Page View
Google Analytics for WordPress
MapPress Easy Google Maps
Post Types Order
Visual Form Builder
Does anyone know of any exploits in the above plugins? All were downloaded via WordPress, of course.
I’m looking for some advice really. I am going to change the passwords for all user accounts and I am going to get the server host to change the FTP and the database credentials. Obviously I will update WordPress and all of the plugins too. Is there anything else I should be doing?
To me this doesn’t feel like a backdoor hack but I don’t really know what it is – how can posts be created in WordPress which don’t have any author? As far as I know this isn’t possible via WordPress itself, which points to the database access being compromised, doesn’t it?
Any help gratefully received!
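An audit for the two symptoms described in the post above (published posts with no valid author, and posts dated years earlier than rows that were inserted before them), as an added example that is not part of the original post. It assumes the default `wp_` table prefix and a copy of `wp_posts` and `wp_users` loaded into SQLite; the sample rows and the 30-day threshold are constructed for illustration, and on MySQL `DATEDIFF` would replace `julianday`.

```python
import sqlite3

# wp_posts.ID is auto-increment, so a row with a high ID but a post_date far
# older than lower-ID rows was inserted recently and backdated (heuristic).
QUERY = """
SELECT ID, no_author, backdated FROM (
  SELECT p.ID AS ID,
         u.ID IS NULL AS no_author,  -- post_author 0 or a deleted user
         EXISTS (SELECT 1 FROM wp_posts o
                 WHERE o.ID < p.ID AND o.post_status = 'publish'
                   AND julianday(o.post_date) - julianday(p.post_date) > ?
                ) AS backdated
  FROM wp_posts p LEFT JOIN wp_users u ON u.ID = p.post_author
  WHERE p.post_status = 'publish' AND p.post_type IN ('post', 'page')
) WHERE no_author OR backdated ORDER BY ID
"""

def find_suspicious_posts(conn, gap_days=30):
    """Return (post ID, no_author, backdated) for every flagged post."""
    rows = conn.execute(QUERY, (gap_days,)).fetchall()
    return [(r[0], bool(r[1]), bool(r[2])) for r in rows]

def build_sample_db():
    """Constructed sample data, not taken from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
      CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INTEGER,
        post_date TEXT, post_title TEXT, post_status TEXT, post_type TEXT);
    """)
    conn.execute("INSERT INTO wp_users VALUES (2, 'editor')")
    conn.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?,?)", [
        (50,  2, "2010-05-01 12:00:00", "Launch post",     "publish", "post"),
        (101, 2, "2013-01-10 09:00:00", "Winter news",     "publish", "post"),
        (102, 2, "2013-02-14 10:30:00", "February update", "publish", "post"),
        (103, 2, "2010-06-01 00:00:00", "Injected links",  "publish", "post"),
        (104, 0, "2010-07-01 00:00:00", "",                "publish", "post"),
        (105, 2, "2013-03-01 08:00:00", "March update",    "publish", "post"),
    ])
    return conn

if __name__ == "__main__":
    for post_id, no_author, backdated in find_suspicious_posts(build_sample_db()):
        print(post_id, "no_author" if no_author else "", "backdated" if backdated else "")
```

The genuinely old post (ID 50) is not flagged because no lower-ID row is newer than it; imported or deliberately backdated content will also match and needs manual review.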