a few days back I noticed a few things on my WordPress site
- One ad in the header and one in the footer
- Hundreds of new blog posts which I didn't post
Here are the things I did to prevent this from happening anymore
- Updated my server password
- Removed links from header and footer.php
- I also found a lot of xml files under sitefiles folder, I deleted them all. All those files had content from the same brand.
A few more things to notice:
- As I came back after doing the above steps I found two more posts posted a few minutes ago which I didn't post.
- Also, after changing my server password yesterday, I got an email today that someone is trying to access my server and is blocked by the service.
- My website.com/index.php also had a link inside
- My wp-includes/wp-db.php had the code below
/** WordPress DB Class Original code from {@link http://php.justinvincent.com Justin Vincent (justin@visunet.ie)} @package WordPress @subpackage Database @since 0.71 */
I have one more WordPress website on this server which is affected in the same way. The other is also having unknown posts having no users mentioned in author tab.
Please, let me know what can be the possible reason/reason and how can I protect my blog and server. My server is namecheap.
Thanks!