advice Is this wordpress hack ?

[Isac]

Someone Registered on my wordpress website shoutscoop.com but as per my website Membership settings " No User can register " . This is an email i got "


WordPress [email protected] via cp-in-10.webhostbox.net
to me

New user registration on your site Shout Scoop:

Username: odislav48

Email: [email protected]

.
.
when i opened my website and checked user i was shoked to see " he is registered as an Administrator ". So i quickly removed . I didn't understand whats going on ?

 

[maya-zir]

delete him and scan you wp files or ask your host support scan it

 

[Constantin S]

Are your registrations active? (you can check at yourwebsite.com/wp-admin/options-general.php, "membership" must not be active)
Also set "New User Default Role" to subscriber just in-case.

 

[MasterOfMyDomains]

I would get your hosting company to suspend hosting account until you can verify not files have been added.
Go to google and search
Site:domainname.ext
To make sure content has not been added.

 

[maya-zir]

I tell you what I do in these cases.
I have back up of all my wp site, so I just set TEMP NOT AVIABLE and quickly reupload my clean files

 

[barefooted]

I think if the hacker had cpanel access, he could do whathever he wants and no need to create WP admin account to get noticed.

Most probably you have a backdoor in your WP code.

If you recently installed new themes or suspicious plugins, it may be hidden there and then called via URL to auto-create new admin accout.

This method does not use registration interface and maybe could not be blocked by security plugins.

You better search all your site's .php files, especially functions.php, for that admin name and email.

Btw, email used is from Ukraine and is flagged as spammy, so maybe sending spam emails from your account is the purporse of that account - check your sent mail too.

 

[deez007]

Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

 

[arjun29]

Try these 3 plugins:

Limit login(free)
Sucuri (paid)
BWS captcha(paid)

I have been using them for a long time. I have also disabled registration with .ru domains.

 

[MasterOfMyDomains]

How many sites on that hosting account?

It may not be your site that got hacked but your hosting control panel

 

[Isac]

Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

OK will do that

 

[Constantin S]

Membership is not active and infact Newuser default role is also on Subscribe mode. I don't still know how he became administrator

I recommend you to reset your hosting password (my hosting: ipage, also have been hacked just about 10 days ago).

 

[MasterOfMyDomains]

I mean how many names do you have built out in wp with your hosting account?
Access can be made through your cpanel, is there only one name you have developed in your cpanel?

 

[Isac]

Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrct password failure...

You can use the free verion....I have it on all my sites. Works like a charm

**Thats what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the adsense code or even replace your affilaite links with his (assuming u have affiliate adverts and Adsense)

Just Installed wordfence

 

[Isac]

I mean how many names do you have built out in wp with your hosting account?
Access can be made through your cpanel, is there only one name you have developed in your cpanel?

I have opted for single domin linux hosting . which is a shared hosting.

 

[Constantin S]

But this is another one, you where got targeted because of some security hole in your website or via some other website which was in the same network.

It's a different case, as @Isac has unchecked "Anyone can register". He is no way get any message again.


Show attachment 58301

Honestly I don't really care that I got hacked atm, because I'm in progress to redesign my website and when I'll finish it i'll make sure to be secure as hell

 

[Isac]

Are your registrations active? (you can check at yourwebsite.com/wp-admin/options-general.php, "membership" must not be active)
Also set "New User Default Role" to subscriber just in-case.

Membership is not active and infact Newuser default role is also on Subscribe mode. I don't still know how he became administrator

 

[Isac]

I tell you what I do in these cases.
I have back up of all my wp site, so I just set TEMP NOT AVIABLE and quickly reupload my clean files

But unfortunately i didn't have backup

 

[Isac]

Try these 3 plugins:

Limit login(free)
Sucuri (paid)
BWS captcha(paid)

I have been using them for a long time. I have also disabled registration with .ru domains.

Will check them now. Thanks

 

[Isac]

How many sites on that hosting account?

It may not be your site that got hacked but your hosting control panel

Its shared hosting

 

[Furquan]

To prevent anyone from registering into your site, you should go to the general settings page in your dashboard and uncheck "anyone can register". You should also delete the above-mentioned user from your user list for security.

 

[maya-zir]

wordfence already has login limits

 

[Isac]

To prevent anyone from registering into your site, you should go to the general settings page in your dashboard and uncheck "anyone can register". You should also delete the above-mentioned user from your user list for security.

I have deleted him and it was already unchecked

 

[Furquan]

I have deleted him and it was already unchecked

Then you don't need to do anything. Just be careful & always have strong password.

 

[Furquan]

I recommend you to reset your hosting password (my hosting: ipage, also have been hacked just about 10 days ago).

Could you tell me,
How it will be possible to hack website hosting account.

Or you are just telling to change WordPress website password.

 

[Constantin S]

Could you tell me,
How it will be possible to hack website hosting account.

Or you are just telling to change WordPress website password.

I've checked my hosting's login history and there was 2 susupicious logins, so I'm confident that the HOSTING was hacked, not my website.