• How can an admin user be created at will within WordPress? I have even deleted wp-admin and still WordPress admins keep getting added. How is this possible?



Viewing 12 replies - 1 through 12 (of 12 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It looks like you haven’t cleaned up the prior hacks on your site. Given your history, I suspect there’s a weakness in your hosting setup.

    Hi @codeaholic,

    If you delete the “wp-admin”, WordPress still stores all of its users and their capabilities in the database. And someone having database expertise may insert the user manually.

    Are you getting unknown users on the site? Are they created without your concern?

    Would you like to share more details? Especially if you share use cases, it would be easy to share the solutions. Let us know if you need more help. Regards
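An added example, not written by any poster in this thread: a read-only MySQL audit of the point made above, that accounts and their roles live in the database rather than in wp-admin. It assumes the default table prefix `wp_`, and the `@clean_restore` timestamp is a placeholder to replace with the time the site was last restored.

```sql
-- Added example: audit WordPress administrator accounts straight from the database.
-- Assumes the default table prefix "wp_". With another prefix, the table names
-- and the meta keys ('<prefix>capabilities', '<prefix>user_level') change with it.

-- 1. Every account holding the administrator role, newest first.
--    Roles are stored as a serialized PHP array in wp_usermeta, so the role
--    name appears as a quoted string inside meta_value.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
 AND m.meta_key = 'wp_capabilities'
WHERE m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC, u.ID DESC;

-- 2. Role rows that point at no existing user. WordPress itself removes a
--    user's meta when it deletes the user, so leftovers suggest rows were
--    written or removed by hand.
SELECT m.umeta_id, m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE m.meta_key IN ('wp_capabilities', 'wp_user_level')
  AND u.ID IS NULL;

-- 3. Administrators registered after the last known-clean restore.
--    Placeholder value: set it to the UTC time of your own restore.
SET @clean_restore = '2000-01-01 00:00:00';
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
 AND m.meta_key = 'wp_capabilities'
WHERE m.meta_value LIKE '%"administrator"%'
  AND u.user_registered > @clean_restore
ORDER BY u.user_registered;
```

Running it from a database client outside WordPress means the result does not depend on PHP code inside the installation being reviewed.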

    Thread Starter salescart

    (@codeaholic)

    I’m running the Wordfence plugin which verifies everything is cleaned up and repairs all files. I also deleted all of the WordPress extra folders and had them all reinstalled.

    Moderator threadi

    (@threadi)

    As I recommended here 6 months ago, you should have deleted the project sooner and restored it from a clean backup: https://wordpress.org/support/topic/hacked-over-and-over-again/#post-18123580

    Because even if you have installed and use WordFence, a hacker can hide from their scans. Since WordFence is installed in the hacked system itself, this would be very easy to do.

    Apart from that, as @sterndata wrote, it could also be due to your hosting. You should change all access data there (FTP, database, hosting itself, etc.).

    Since a lot of time has passed in the meantime, you will probably no longer have clean backups of the project. And if you do, they will be very, very old. I therefore see 2 possibilities for you:

    • Change the access data in your hosting. Wait some time and check if the hack recurs.
    • Find someone who can help you personally to clean up your project. This can be a very time-consuming and sometimes costly process. You can certainly find someone like that here: https://jobs.wordpress.net/
    • Delete the project completely and set it up from scratch. You may be able to find old content via https://web.archive.org.
    Thread Starter salescart

    (@codeaholic)

    I have been restoring from a clean backup EVERY time. The same backup from 2018. I have all the original content including the database backups from 2018. The site starts out clean but it is only a matter of time before it is hacked again. WordPress is very easy to hack. Not only did I start with a backup from 2018, but I deleted all of the WordPress files and started with the latest version of WordPress. Then I added Wordfence and have run multiple scans including comprehensive scans where it compares files and replaces them. The Wordfence scan is clean. In fact, it is what notified me that someone simply added an admin account. This is all a new install of MySQL as well, with an updated root username and password. They still walk right into this software like it is hackware.

    Moderator threadi

    (@threadi)

    Then it is probably related to one of the plugins you are using. Which ones have you installed (and not necessarily activated)? Which theme are you using?

    Thread Starter salescart

    (@codeaholic)

    I have been hosting websites longer than WordPress has existed or that the WordPress domain has been registered. I started with FrontPage websites which were never hacked.

    I’ve got like 4 WordPress websites on my servers. They are all hacked at will and have been since inception from Day 1 relentlessly through a generation of MySQL, PHP and Microsoft servers, and from virtually no plugins to 5 or 6 plugins. From tight permissions where you can’t even install a plugin or an update to recommended permissions. https://brudtkuhl.com/blog/wordpress-iis-permissions-updates-permalinks/ Mind you nothing else and no other websites have ever been hacked except when someone’s username was compromised or something obvious.

    It doesn’t matter what I do. These are the current plugins:

    Ninja Forms
    Ninja Forms is a webform builder with unparalleled ease of use and features.
    Version 3.10.1 | By Saturday Drive | View details


    Simple Custom CSS
    Add CSS | Deactivate
    The simple, solid way to add custom CSS to your WordPress website. Simple Custom CSS allows you to add your own styles or override the default CSS of a plugin or theme.
    Version 4.0.7 | By John Regan | View details


    Simple Disable XML-RPC
    Deactivate | Settings
    Simple Disable XML-RPC is a user-friendly WordPress plugin that empowers website administrators to easily control and secure their site by enabling or disabling the XML-RPC functionality. With a simple toggle switch, this plugin helps protect your WordPress site from potential XML-RPC-related security threats, enhancing your website's overall safety and performance.
    Version 1.3.5 | By WordPress Satkhira Community | View details


    Wordfence Security
    Upgrade To Premium(opens in new tab) | Deactivate
    Wordfence Security - Anti-virus, Firewall and Malware Scan
    Version 8.0.5 | By Wordfence | View details


    WP Sitemap Page
    Add a sitemap on any page/post using the simple shortcode [wp_sitemap_page]
    Version 1.9.5 | By Tony Archambeau | View details | Settings | Donate


    Select WPCode Lite
    Easily add code snippets in WordPress. Insert scripts to the header and footer, add PHP code snippets with conditional logic, insert ads pixel, custom content, and more.
    Version 2.2.7 | By WPCode | View details
    Moderator threadi

    (@threadi)

    The plugins are at least up to date and therefore rather inconspicuous. What are you doing with “Select WPCode Lite”? Does it contain individual PHP code and if so, which code?

    Are you using a child theme and if so, does it also contain individual code?

    Thread Starter salescart

    (@codeaholic)

    I have taken a copy of the parent theme, SKT IT Consultant, and created a child theme. Only the smallest of changes to the style sheet to make it look different.
    I use code snippets to:

    Completely Disable Comments Everywhere. Because that seems to be another hack in WordPress. Even when you have no “forum” in your website, people can somehow still make comments.

    Modify the header to add LivePerson support.

    Thread Starter salescart

    (@codeaholic)

    @asadullah96 How are they doing that?

    Moderator threadi

    (@threadi)

    What does this snippet you are using look like?

    You can reliably deactivate comments in WordPress without something like this. Firstly, you have to remove the setting under Settings > Discussion. Secondly, deactivate the comments for all posts created up to that point – there are helpful plugins for this last step that you only need to run once.

    Modify the header to add LivePerson support.

    What does this mean?

    Again as a hint: due to your often not far-reaching answers, I would again recommend that you look for someone who can look at your project with you personally. This would give someone else the chance to look at the project from a completely different perspective and possibly recognize more quickly where the hacks are coming from. You can find someone like that here, for example: https://jobs.wordpress.net/

    Thread Starter salescart

    (@codeaholic)

    I already have comments deactivated in settings. The hackers were still adding comments. That’s why the people who originated the plugin originally created it because that feature as well is routinely hacked on WordPress. Like I said I have been doing this for a while and WordPress is the most hacked piece of software ever created. In fact, at my other job, the security team doesn’t allow WordPress anywhere in the agency. With the plugin the comment hacking stopped.


The topic ‘Admin users created at will with WordPress’ is closed to new replies.