fatsuki

Another victim here. Admin username was changed to html404. I’m a complete basic user when it comes to websites, but I was able to figure out how to fix everything so far.

Website is running a self-hosted version of WordPress, 4.9.4. Running Wordfence version 7.

I got an email from Wordfence today at midnight saying html404 password was weak. I was able to log in and change the password. Then I went to cPanel phpMyAdmin and was able to change the username back. I then changed all the passwords associated with the site.

Wordfence also detected some malware. It was able to delete the files, but there was one in the web root index.php that it couldn’t delete. Wordfence showed me the modified and unmodified versions of the file. I had to go through cPanel File Manager on the web root directory to find it and restore it to the original version.

Next I checked my plugins. There was a Simple 301 Redirects plugin that I didn’t install, but it was inactive. I deleted it.

One other weird thing I noticed was that my Akismet Anti-spam plugin is acting funky. For years it would detect a few hundred spam per month. The past six months it’s detected SIX. I have no idea why. Also, I have two Akismet plugins now (not sure there were always two). One is just Akismet and one is Akismet Anit-spam. Only one can be active at a time. If I try to activate the inactive one, I get a fatal error message. Not sure if this has anything to do with anything, but it’s weird.

A few months ago there were some website getting hacked by suryana or some name like that. I also had that happen, but I was able to easily delete the user account they created and had no other problems that I know of.