Want to improve this question? Update the question so it’s on-topic for WordPress Development Stack Exchange.
Closed 17 hours ago.
tonight my website has been hacked.
I noticed that only thanks to Google that now show a Phishing Warning when I try to enter my website with Chrome or Firefox (with Edge Chromium everything is ok…)
By the way in the Search Console in Security Problems (I thinks so, I’m translating from italian… so maybe some word may be different ) Google alert me about this folder: wp-admin/network/god .
This is the content of that folder: https://1drv.ms/u/s!AgeF7StEHaDSaiOnWPK4BQ6nmM0?e=76LAfe
That folder was loaded in my website tonight, and I also found a new user in database created on 2020-11-03. I don’t know if this date is right, maybe the user was added hardcoding every info… is this possible?
I also found a index(old).php in my root folder that contains a lot of base64decode functions ( https://pastebin.com/9VW0NUbX )
I don’t know what is that, I’m starting now to “investigate”, I’m writing this with a hope that someone could help me…
What I would like to know is: which steps should I follow to discover every file added, changed or deleted? And how can I discover HOW all this is occured? I update all plugins weekly.
How can I know how hackers have been able to add a user in database and to add a folder in my website.
I have a clean backup, the only secure way to clean my website is to reload everything?
- Hiện tại chúng tôi có hơn 25 nghìn bài văn mẫu các thể loại.
- Kho tài liệu, đề thi học sinh giỏi các lớp vô cùng phong phú.
- Mỗi ngày cập nhật hơn 100 đề thi chất lượng từ các website bán tài liệu lớn.
Tải đề thi VIP với giá siêu rẻ tại Vip.Dethihsg247.Com