Moderator
t-p
(@t-p)
Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Offhand, a couple of names that come to mind are Sucuri and Wordfence.
When I try to log into my site to edit in WP, I get a warning that I need to change my password because it was found in a data breach.
The trick here is to convince you to post your admin password into a form that the attacker probably has access to in order to reset it. Best ignore all of those warnings, and follow the cleanup instructions from t-p, in “this guide”.
Then comes the hard part, determining how it was in the first place that an attacker was able to add files to your website.
This is not something anyone here can determine without a lot more information from you.
Likely suspects are:
– via a WordPress plugin
– via a WordPress theme
– via an attack on your host's webserver
Less likely suspects:
– via an error in WordPress core code
– via malware on your own devices
Important Points:
1) Cleaning up your website files and database, whether manually yourself or via a professional service, in and of itself does not necessarily mean you have discovered the means by which the attacker was able to leverage their attack. Therefore your website is still prone to a repeat attack.
2) No plugin can save your website from being exploited by an attack on your host's webserver. Some security plugins can, however, detect the addition of non-sanctioned files – and prepended or appended code to your WordPress core files, and remove them, but nevertheless the vulnerability that makes this attack possible remains, and could likely eventually bypass any attempts of plugins to act as antivirus.
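
The kind of check described in point 2, as an added example that is not part of the original thread or any plugin's code: compare the live core files against a clean copy and report added files and prepended or appended code. It assumes a clean download of the same WordPress version is unpacked locally; the function names are hypothetical, the sample files are constructed, and `wp-content/` and `wp-config.php` are skipped because they are not in a core download.

```python
import tempfile
from pathlib import Path

def skipped(rel):
    # Assumption: site content and config are not in a core download.
    return rel == "wp-config.php" or rel.startswith("wp-content/")

def list_files(root):
    """Map relative POSIX path -> Path for each audited file under root."""
    found = {p.relative_to(root).as_posix(): p
             for p in Path(root).rglob("*") if p.is_file()}
    return {rel: p for rel, p in found.items() if not skipped(rel)}

def classify(clean, live):
    """Say how a changed live file differs from its clean copy."""
    if clean and live.endswith(clean):
        return "prepended"
    return "appended" if clean and live.startswith(clean) else "modified"

def audit(clean_root, live_root):
    clean, live = list_files(clean_root), list_files(live_root)
    findings = {rel: "missing" for rel in clean.keys() - live.keys()}
    for rel, path in live.items():
        if rel not in clean:
            findings[rel] = "added"
        elif path.read_bytes() != clean[rel].read_bytes():
            findings[rel] = classify(clean[rel].read_bytes(), path.read_bytes())
    return findings

def demo():
    """Audit a constructed clean/live pair built in a temp directory."""
    core = {"index.php": b"<?php require 'wp-blog-header.php';\n",
            "wp-load.php": b"<?php // loader\n",
            "wp-settings.php": b"<?php // settings\n",
            "wp-includes/version.php": b"<?php // version\n"}
    live = dict(core)
    live["index.php"] = b"<?php /* marker */ ?>" + core["index.php"]
    live["wp-load.php"] = core["wp-load.php"] + b"<?php /* marker */ ?>"
    live["wp-settings.php"] = b"<?php // rewritten\n"
    live["wp-admin/extra.php"] = b"<?php // not in core\n"
    live["wp-content/uploads/a.jpg"] = b"site content, skipped"
    del live["wp-includes/version.php"]
    with tempfile.TemporaryDirectory() as tmp:
        for name, tree in (("clean", core), ("live", live)):
            for rel, data in tree.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        return audit(Path(tmp, "clean"), Path(tmp, "live"))
```

A report like this shows what changed, not how the files got there, so the entry point still has to be found separately.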