WP Database Hack

  • Hi there,

    Hopefully this is the appropriate place to post this question.

    I recently tried to login to one of our clients sites using our administrator account (which isn’t ‘admin’ btw ?? ).
    I couldn’t get in, forgotten password wouldn’t work either saying it didn’t recognise my details, which I knew were correct.

    That lead me to have a look at wp_users table in the database. I found our admin account in there, but someone (I presume a hacker) had managed to change the email address and username on the account to something totally different, I assume so they could gain admin access to the site.
    Nothing else looked touched (I ran Wordfence and all in one sec), but we cleaned the site up anyway are per the WordPress guide.

    Any ideas as to how they might have managed to do this? Never seen this sort of hack before on my sites.
    The site was reasonably up to date software wise, maybe a week behind with updates at the most. I guess that might be all it takes!
    Or is there other common ways/holes in which they could gain access to the database?

    Thanks in advanced.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘WP Database Hack’ is closed to new replies.