advice: Is this a WordPress hack?


Isac

Someone registered on my WordPress website shoutscoop.com, but as per my website's Membership settings, "No user can register". This is an email I got:


WordPress [email protected] via cp-in-10.webhostbox.net
to me

New user registration on your site Shout Scoop:

Username: odislav48

Email: [email protected]


.
.
When I opened my website and checked the users, I was shocked to see "he is registered as an Administrator". So I quickly removed him. I didn't understand what's going on?
 
1
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Could you tell me
how it would be possible to hack a website hosting account?

Or are you just telling me to change the WordPress website password?
I've checked my hosting's login history and there were 2 suspicious logins, so I'm confident that the HOSTING was hacked, not my website.
 
0
•••
Who knows how it's possible. It's possible. Once someone gets into cPanel, they can add files to any site hosted in that cPanel without even visiting your website.
Weak plugin, maybe an old site you had built via that cPanel left a security risk. Even though you deleted all files.
Again, the cPanel you access via your hosting provider, how many domains are there?
Just watching CNN, some hack job going down. These guys never stop trying to find a way to hack anything.
Malicious content can kill your name
 
0
•••
Dude...

Install Wordfence... configure it to lock out an IP address after ONE incorrect password failure...

You can use the free version... I have it on all my sites. Works like a charm.

**That's what I think would be a good idea going forward... it won't solve ur current breach obviously**

Realistically, if he has already created an account then it's very likely he has installed something on your site. Could even be subtle changes to the AdSense code or even replacing your affiliate links with his (assuming u have affiliate adverts and AdSense).

Just installed Wordfence
 
1
•••
I've checked my hosting's login history and there were 2 suspicious logins, so I'm confident that the HOSTING was hacked, not my website.
But this is another one; you got targeted because of some security hole in your website or via some other website which was in the same network.

It's a different case, as @Isac has unchecked "Anyone can register". He is in no way going to get any message again.


 
0
•••
Just installed Wordfence

Now uninstall all the VPN services, as you are going to lock your site by yourself, lol
 
0
•••
I mean how many names do you have built out in WP with your hosting account?
Access can be made through your cPanel; is there only one name you have developed in your cPanel?

I have opted for single-domain Linux hosting, which is shared hosting.
 
1
•••
But this is another one; you got targeted because of some security hole in your website or via some other website which was in the same network.

It's a different case, as @Isac has unchecked "Anyone can register". He is in no way going to get any message again.


Honestly, I don't really care that I got hacked atm, because I'm in the process of redesigning my website, and when I finish it I'll make sure it's secure as hell :)
 
1
•••
I think if the hacker had cPanel access, he could do whatever he wants, with no need to create a WP admin account and get noticed.

Most probably you have a backdoor in your WP code.

If you recently installed new themes or suspicious plugins, it may be hidden there and then called via URL to auto-create a new admin account.

This method does not use the registration interface and maybe could not be blocked by security plugins.

You'd better search all your site's .php files, especially functions.php, for that admin name and email.

Btw, the email used is from Ukraine and is flagged as spammy, so maybe sending spam emails from your account is the purpose of that account - check your sent mail too.
 
2
•••
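An added example, not part of any post in this thread: one way to automate the file search suggested in the post above, flagging `.php` lines that contain the rogue account's name or email or that call WordPress's user-creation and role functions. The function names `scan_php_tree` and `demo`, the placeholder email address and the sample theme files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators: account name from the page's email, plus WordPress user/role calls.
USERNAME = "odislav48"
EMAIL = "rogue-admin@example.invalid"  # placeholder: the page's address is redacted
PATTERNS = {
    "account-name": re.compile(re.escape(USERNAME), re.I),
    "account-email": re.compile(re.escape(EMAIL), re.I),
    "user-creation": re.compile(r"\bwp_(?:create|insert)_user\s*\("),
    "role-change": re.compile(r"set_role\s*\(\s*['\"]administrator['\"]"),
}


def scan_php_tree(root, skip=("wp-admin", "wp-includes")):
    """Return sorted (relative_path, line_no, label) hits for .php files under root."""
    # Core directories define these functions; verify core against a clean download.
    root = Path(root)
    hits = []
    for path in root.rglob("*.php"):
        rel = path.relative_to(root)
        if rel.parts[0] in skip:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for label, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits.append((rel.as_posix(), line_no, label))
    return sorted(hits)


def demo():
    """Scan a constructed tree: one clean theme file, one carrying indicators."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "sample")
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php get_header(); ?>\n")
        (theme / "functions.php").write_text(
            "<?php\n"
            "$id = wp_create_user('odislav48', $pw, $mail);\n"
            "(new WP_User($id))->set_role('administrator');\n"
        )
        return scan_php_tree(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(*hit, sep=":")
```

A hit is a lead for manual review, not proof of compromise: legitimate membership and e-commerce plugins call the same functions.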
Great advice from @barefooted, but it's gonna be tough to scan all those lines of code, unless you are a savvy coder and know what you are doing. Most probably someone has left a backdoor in a hacked plugin/theme you might have downloaded from "somewhere".

Deleting that user ID is not gonna work unless you delete the plugin/theme itself. But deleting that itself might not work if the code might have injected itself into WordPress core files.

I have had this type of issue in the past. Since I am the paranoid type, I have almost always ended up reinstalling the core files. But there is one good habit that helped: I always have a backup of my DB. Also, I mostly use plugins from the wp-repository only.

Good luck.
 
0
•••
You should change the administrator account's email and password, and be careful with plugins/themes; some are outdated and could be used to hack your website over and over.
 
0
•••