Urgent Security Concern on My Websites

  • Resolved Nhanos5

    (@thnatha5)


    11 months, 3 weeks ago

    I am currently facing a serious security issue on my websites. Specifically, a user with the username “wp_update-xxxxx” was created outside of WordPress, despite the previous security measures we have taken. We are responding promptly to this threat by deleting the user in question and changing the passwords for both the administrator user and the database.

    We have also scan, but no suspicious files or activities were detected. I am using the latest version of WordPress (6.4.1) and the free version of Wordfence. Additionally, I have installed and used other plugins to perform scans and have cleaned all of my websites.

    However, one day after addressing the issue, we received the same notification about the creation of the user “wp_update-xxxxx…”

    Please, if anyone has noticed or is experiencing similar issues, kindly report it as soon as possible. Your prompt attention and cooperation in ensuring the security of our community are highly appreciated.

    Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @thnatha5

    Please follow our site cleaning guide below:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Hello, I had exactly the same problem, did you find a solution?

    Do we know what the purpose of this malware is?

    Thread Starter Nhanos5

    (@thnatha5)

    I am facing the same issue again. I had the same problem month, and it was fixed with the new release of WordPress version 6.4.2. However, now I am encountering the same problem again

    Hi,

    I have this same issue. 2 new admin accounts created on each site, several files added into the install, some code prepended to core wordpress files, wpconfig altered.

    What hosting are you using? I’m on a VPS. I believe the gap in security must be at the Php, Mysql level on the server, and not the WordPress install itself.

    Interested to know how people fixed it. I am currently cleaning, and moving a handful of sites to a new VPS and seeing what happens to them…

    Sorry, the post is set as solved but I didn’t understand what the solution is

    • This reply was modified 9 months, 3 weeks ago by aganis.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Urgent Security Concern on My Websites’ is closed to new replies.