JohnW63

I’ve changed to using secure FTP. I’ve removed unneeded database and back-end user accounts. I’ve changed all the passwords of my personal e-mail as well as the site emails. I stopped using a gmail account that was suspicious and made a new one. I’ve deleted the WP folder and database and started new. I installed WordFence right off and left the WP install alone, just to see what happens. After a few days the admin account is edited. There must be a log I can see that shows WP database activity that I can use to track down how this change occurs.

What change logs are available in the WP database or the phpmysql screens provided by hosts?

Since the hacker used one of my email accounts as the email for their admin account, I suspect it might have been that. I’ve changed every password I’ve found and deleted accounts that I don’t need any longer.

Since I only use WordPress for my front page, I think I’m just going to blow it up and start from scratch. I was really liking the reports from Wordfence and the 2FA part. Just really surprised I got hit again.

I’ll make a quick backup.

What does the meta database do? It almost looks like it keeps track of changes or settings that the user makes. The other users have so many more lines in the database than my new admin does.

As long as I have full admin rights to maintain my new WP install, I’ll be fine.

I got the new admin to get to the dashboard. My prefix for the database was not just wp_. Once I edit that to match the database names correctly, it worked.

I guess I still need to know how someone got in when nothing was the same. My admin account was new and the password a random generated 16 char string of stuff. I also had 2 factor auth enabled.

From needing to use 2 Factor at work, I’ve gotten used to having the cell phone with me most of the time.

To be honest, this may all be a good thing. Other than the first 24 hour freak out part. I hadn’t changed my main web page in years. I had gotten lax in lots of things. I just use Word Press for this page, and a few other static info pages. The rest is forum software.

I just need to find a theme that fits the layout I want to have and start editing.

Since my WordPress section of my web site is small, I think it would be best to blow it up and rebuild from scratch. Can I just delete the WP folders and then install WP back on the server and build from there?

Thanks for the link Steve.

I’ve given it a quick look-through to get a feel of the scope of steps. I normally make a good backup at the end of the year but didn’t this time. Of course. I have older backups and I may just revert to one of those, then go through all the upgrades to get current.

I think knowing what folder to kill before restoring will take some time, but the ones dated Dec 26 will be on the list.

John

I don’t yet have WordPress installed. I only have the web site CURRENTLY redirected because Nuke can not work with the newest version of PHP. I want to turn OFF that redirect to the phpBB forum, as soon as I can. I used to do more articles on the front page and had links to “popular topics” in the forum, but I couldn’t keep up on it, so it has become more a front page that mostly gets people interested in what we do and a link to the forum where all the real info is. Php-Nuke is out of the picture, now, so I need to decide on a new CMS or method of creating a new “portal” to the forum and if it is easy to post new info and make the page look modern, so much the better. WordPress is one of my top choices.