
Wordpress Hacked 5.5 admin-ajax.php

Closed. This question is off-topic. It is not currently accepting answers.

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 4 years ago.


I am using the latest version (5.5) of WordPress themes and plugins. I also have 2 custom-written add-ons. I tried all the protection methods I know of.

  • wp-config.php and wp-admin URL and admin nick changed
  • .htaccess disables xmlrpc.php and wp-config.php
  • Installed Wordfence + 2FA login
  • Password reset blocked
  • MySQL name and password are good.

I got hacked.

https://prnt.sc/u13mku see photo

wp-admin/admin-ajax.php and wp-login.php

Can you give me another idea for wp protection?

Hacker has tried this:

  • ?action=lostpassword (a lot of these, and he logged in to my wp-admin)
  • wp-admin/admin-post.php?page=wysija_campaigns&action=themes (I don’t use wysija)
  • wp-login.php

How can I close requests from outside to admin-ajax.php, wp-login.php, wp-load.php, etc.?

Asked Aug 17, 2020 at 18:15 by Tamerlan Memmedov; edited Aug 17, 2020 at 23:04 by fuxia.

Comments:
  • Stay calm. Read WordPress's FAQ My site was hacked documentation. – Pat J Commented Aug 17, 2020 at 19:45
  • 3 Your site was not hacked, someone attempted to run an exploit and it failed, it was successfully blocked. – Tom J Nowell Commented Aug 17, 2020 at 22:21
  • Yes attempted and another site hacked, i am installed new i – Tamerlan Memmedov Commented Aug 18, 2020 at 20:14

1 Answer

Attempts to access the login page happen all the time. Not a big deal... assuming that you have proper protections. Like:

  • Not having a user named 'admin'
  • Not allowing enumeration of user names (so user names aren't discoverable)
  • Using strong passwords on all accounts, especially admin-level
  • Using strong passwords on hosting, FTP, database, etc
  • Disabling access to xmlrpc.php (a common hack entry point)
  • Being careful with user-uploaded files (if you let users create entries)
  • General AV protection on your local computer (and good password policies)

I manage a lot of WP sites, and I don't worry about invalid login attempts, because I follow the above rules. I also have some security settings I apply by default (via a plugin that I wrote) to add to the htaccess file.

If a site does get hacked, then I follow a carefully evolved process of cleaning up the site. Lots of googles/bings/ducks on cleaning up a hacked WP site. My process is here https://www.securitydawg/recovering-from-a-hacked-wordpress-site/ - there are many others.
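
An added example, not part of the original question or answer: a small access-log triage that counts, per client IP, the request patterns listed in the question (repeated `wp-login.php?action=lostpassword`, `admin-post.php?page=...` for a plugin that is not installed) and how many of them were not answered with 403. It assumes the Apache/nginx "combined" log format; `KNOWN_ADMIN_PAGES`, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Admin page slugs that really exist on the site (constructed placeholder).
KNOWN_ADMIN_PAGES = {"my_custom_addon"}
# "Combined" access-log line: client IP, request target, status code.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def classify(target):
    """Label a request that matches a pattern from the question, else None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    if parts.path.endswith("/wp-login.php"):
        return "lostpassword" if query.get("action") == ["lostpassword"] else "login"
    if parts.path.endswith("/wp-admin/admin-post.php"):
        page = query.get("page", [""])[0]
        if page and page not in KNOWN_ADMIN_PAGES:
            return "unknown-plugin-page:" + page
    return None

def triage(lines, threshold=3):
    """Summarise clients with >= threshold flagged requests or any unknown-page probe."""
    per_ip = {}
    for line in lines:
        m = LINE.match(line)
        label = classify(m["target"]) if m else None
        if label is None:
            continue
        entry = per_ip.setdefault(m["ip"], {"hits": Counter(), "not_blocked": 0})
        entry["hits"][label] += 1
        if m["status"] != "403":  # not refused outright: worth a closer look
            entry["not_blocked"] += 1
    return {ip: e for ip, e in per_ip.items()
            if sum(e["hits"].values()) >= threshold
            or any(k.startswith("unknown-plugin-page:") for k in e["hits"])}

# Constructed sample lines (documentation IP ranges), not the asker's real log.
SAMPLE = [
    '203.0.113.7 - - [17/Aug/2020:18:01:02 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 403 512',
    '203.0.113.7 - - [17/Aug/2020:18:01:03 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 403 512',
    '203.0.113.7 - - [17/Aug/2020:18:01:04 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 3120',
    '203.0.113.7 - - [17/Aug/2020:18:01:05 +0000] "POST /wp-admin/admin-post.php?page=wysija_campaigns&action=themes HTTP/1.1" 403 512',
    '198.51.100.20 - - [17/Aug/2020:18:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3050',
]
if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        print(ip, dict(e["hits"]), "not blocked:", e["not_blocked"])
```

Requests counted under `not_blocked` are the ones to compare against password-reset mails and new sessions; entries that are all 403 match the case described in the comments, where the attempt was blocked.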
