WordPress Hacked (via twentyfifteen theme)

  • Dear all,

    My wordpress site (running woocommerce) has been compromised. Would like to seek advice and also share these information and hopefully it will not happen to other WP owner.

    So it all came to suspicion when I received a email informing me that I have changed by password in the middle of the night. As expected, I can’t already log in to my admin page. Following up, I skimmed through the logs and found multiple uncommon requests:

    /wp-content/themes/twentyfifteen/sym/root/home/readyapp/public_html/wp-config.php
    /wp-content/themes/twentyfifteen//sym/root/home/infinity/public_html/wp-config.php
    /wp-content/themes/twentyfifteen//sym/root/home/infinity/public_html/wp/wp-config
    /wp-content/themes/twentyfifteen//sym/root/home/infinity/public_html/blog/wp-config.php
    /wp-content/themes/twentyfifteen/sym/root/home/readyapp/public_html/blog/wp-config.php
    /wp-content/themes/twentyfifteen/sym/root/home/readyapp/public_html/joomla/configuration.php

    seems to be is a scan to see if the site is vulnerable. On my webserver, there are also multiple illegitimate PHP files found.

    Anyone have similar experience? I am planning to remove the theme to prevent future instances from happening.

    Thanks,
    catsarecool

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘WordPress Hacked (via twentyfifteen theme)’ is closed to new replies.

Tags