ex19

I should correct that last post, i meant to say they put the file in 6-21 but it only appeared to be hacked on 6-29, so there was a lag in the hack time. ??

Thanks for checking the search, but I had them running all kinds of versions. I have seen one thing unusual in most of them wp-cron seems to have been affected. Other in commons are the ip addresses are russia, some iran and russia. Also one of those sites I checked yesterday and it was fine, then I find a dated 6-21 file change on the them index and styles, which appears they hacked it a few days ago but it didn’t take effect??? Maybe it was my browser cache. ??? not sure.
I am wondering if wp-cron has someway of being activated and how I can check this.

on those same ip addresses I also had one of them hitting /load-scripts.php

These guys have caused me hours of work fixing. they delete the admin email address, so no use of lost password and have to go to mysql to directly change the user email.

ok, fixed the search with a workaround on the searchform using /index.php. Unrelated.

There is an issue with using index.html and index.php and canonical solution posted. The search doesn’t work. Any ideas?
Thanks!