Bob,
Contact your webhost right away for assistance. If you have a Managed WordPress Host like SIteGround, Kinsta, or WP Engine, they can help you top this from happening.
Meanwhile, update your WordPress to the latest version, also update your Theme and plugins to the latest versions.
Lastly, create a NEW user with administrator rights with a STRONG password, and delete all other users, including your current user.
You did not give us a link to your website, but making sure it has a SSL installed for the HTTPS protocol is important too. The hosts I listed above provide FREE & EASY ways to achieve that level of security, and provide security measures in their hosting environments.
If you are on a EIG owned hosting provider, you may want to install something like iThemes, a free security plugin.
Hope something I said was helpful!
Take care,
JD
Thanks JD,it’s [ redundant link removed ] is up to date and has SSL , Wordfence and ithemes security. I’ll get in touch with hosting service and try to sort the out-dated theme and plugins.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Moved to Fixing WordPress, this is not an Everything else WordPress topic.
Sounds good. Hope they help you sort it out. Take care.
There was a security issue a few days ago in the WP GPDR plugin, allowing someone introducing a new user (admin level) in your site. You should have had an email from your site telling you so.
rollback from a previous backup, login and download the latest plugin updates.
Installing the ninja firewall will help preventing a hack again, since wordfence did NOT prevent this hack from happening…
