ahall41
Forum Replies Created
I just noticed this issue on one of my sites, and that it relates to the Elementor upgrade.
There is a GitHub issue open which relates to this: https://github.com/elementor/elementor/issues/15903
Thanks for the reply. I suspect we may have been hacked before we installed Wordfence … all the plugins we have now seem to be respectable. The spurious user has been removed – only 3 have access to create/update posts. All we can do is wait and see (except I think I should also add a trigger to prevent creating posts with <script> tags).
Not sure if this is significant, but I’ve detected a user wordpressssadmin ([email protected]) role=None. Now removed.
Also we’ve been having quite a few login attempts using real admin usernames. Even though I’ve changed them, the new names are appearing in the failed attempts list. “Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, and the WordPress REST API” is ticked, and the IDs don’t appear in any posts or pages that I can see. Which makes me suspect something is acting from the inside?
I added the following triggers.
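-- The statement delimiter is set to / so that the ; inside each trigger body does not end the CREATE TRIGGER statement.
-- Block any update to the wp_options rows with option_id 1 and 2.
CREATE TRIGGER trg_update_wp_options BEFORE UPDATE ON wp_options
FOR EACH ROW
IF (NEW.option_id IN (1,2)) THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Cannot update locked record';
END IF;
/
-- Block any update that leaves a <script ...> tag in a post's content.
CREATE TRIGGER trg_update_wp_posts BEFORE UPDATE ON wp_posts
FOR EACH ROW
IF (NEW.post_content LIKE '%<script%>%') THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Script not allowed in post';
END IF;
/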
Just need to see if anything appears in error.log
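An added example, not part of the original posts: audit queries for what the triggers above do not cover (content and accounts already in the database) plus an INSERT counterpart to the wp_posts trigger. It assumes MySQL or MariaDB, the default `wp_` table prefix and the standard `wp_users` / `wp_usermeta` tables; the trigger name `trg_insert_wp_posts` is hypothetical.

```sql
-- Added example. Assumes MySQL/MariaDB and the default wp_ table prefix.

-- 1. Posts (including revisions) that already contain a script tag.
--    The BEFORE UPDATE trigger only rejects future changes; it does not
--    reveal content that was written before it existed.
SELECT ID, post_author, post_type, post_status, post_modified
FROM wp_posts
WHERE post_content LIKE '%<script%'
ORDER BY post_modified DESC;

-- 2. Accounts that the admin screen would show with role "None":
--    no capabilities row at all, or an empty serialized array.
--    The meta key is the table prefix followed by "capabilities".
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
WHERE m.umeta_id IS NULL
   OR m.meta_value IN ('', 'a:0:{}')
ORDER BY u.user_registered DESC;

-- 3. Current values of the two locked option rows, to confirm they
--    still hold what is expected before relying on the lock.
SELECT option_id, option_name, option_value
FROM wp_options
WHERE option_id IN (1, 2);

-- 4. INSERT counterpart of trg_update_wp_posts, so a row created
--    directly with script content is rejected as well.
DELIMITER //
CREATE TRIGGER trg_insert_wp_posts BEFORE INSERT ON wp_posts
FOR EACH ROW
IF (NEW.post_content LIKE '%<script%>%') THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Script not allowed in post';
END IF;
//
DELIMITER ;
```

Rows returned by the first query need manual review, since a page builder or custom HTML block can legitimately store a script tag, and such posts will also fail to save once the triggers are in place.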