D.S. Webster

@bfl The issue is not specific to WPEngine. It’s occurring on Pantheon as well. Both hosts support git based deployments. I’ve seen similar issues occur when a file is mistakingly ignored by git. I’m testing the patch you posted on a Pantheon deployed site now.

UPDATE: Confirmed that the patched version works on Pantheon when deployed via Git.

• This reply was modified 10 months, 2 weeks ago by D.S. Webster.

For those of you who have encountered this issue, could you please share the version of WordPress you were running at the time your site was compromised and what themes and plugins you are actively running (plugin and theme version numbers are also helpful).

NOTE: It’s probably best NOT to publish your URL when discussing security in a public forum.

I’m a WordPress developer and work to secure sites on a daily basis. I was recently contacted regarding a similar issue and am actively investigating the root cause.

Here is the setup of the site I’m investigating:

WordPress 4.9.1

Theme: Custom Theme (appears to be based on roots / soil library)

Plugins:

• Advanced Custom Fields PRO
• Advanced Custom Fields: Nav Menu Field
• Advanced Image Styles
• Custom Upload Dir
• Gravity Forms
• Gravity Forms Quiz Add-On
• PDF Embedder
• Preserved HTML Editor Markup Plus
• Redirection
• Regenerate Thumbnails
• RICG Responsive Images
• SearchWP
• TinyMCE Advanced
• Yoast SEO

Also, To reset your username the fastest method is to edit the database directly via your cPanel / PHPMyAdmin or command line. If anyone needs help in that regard I will try to assist if you care to reach out directly.

• This reply was modified 7 years, 1 month ago by D.S. Webster.