Use strong password. If you are only user of your site then block access to login page after your login. Use https only.
Thank you for that information.
I am interested in finding out what “hole” allowed the hackers to get in.
Could be one of many routes e.g.:
– Passwords brute forced
– Passwords harvested from a compromised machine or email account
– Cross infection from shared hosting
– Vulnerability in an installed plugin or theme
– Outdated PHP version
To find out exactly what happened and why you’d need to go through your server logs with a fine toothcomb, identify the hack, remove all traces, fix the vulnerability, and then take steps to prevent this from happening again.
Having Wordfence installed should be one part of a broader security strategy.
Some useful advice can be found here: https://codex.wordpress.org/Hardening_WordPress
Thank you.
I’ll look into that.
Hi @redthruviolet
Like @pidengmor mentioned, you might want to take a look at “How Attackers Gain Access to WordPress Sites” article, however, to pinpoint the exact backdoor on your website this will need in depth server inspection that might require hiring a professional security analyst.
Thanks.
