I too ran into an issue trying to login to my WordPress dashboard. The site gave a 404 error for both wp-login.php and wp-admin. I tried in both Firefox and Safari browsers, so I know it was not just a typo. A short while later, I was able to successfully login. I did delete a suspicious, empty folder named upgrade from the host side, but don’t know if this is really related or not.
Hey @themess23,
I’m sorry to hear this has happened. My best suggestion would be to:
-
Change your sftp/ftp credentials.
-
Do a clean wipe on the server.
-
Reinstall a fresh copy of WordPress, and install Wordfence before any other plugins.
-
Reinstall fresh copies of all other plugins.
-
Once everything is reinstalled make sure you have a strong password, and I’d suggest using two-factor for added security.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
If you don’t feel comfortable doing this or the site becomes reinfected I’d suggest reaching out to a hack repair service to have the site professionally cleaned. There are many options out there including Wordfence.
Good luck!
Gerald
Hey @johnrdiehl,
If that upgrade folder was in wp-content it belongs to W3TC and likely wouldn’t be a concern.
In the future please start you own post per the forum guidelines.
Thanks,
Gerald
