My WordPress Sites Been Compromised
You have a wordpress.org site and you suddenly notice posts that you never wrote. WOW… 68 posts written in one night! I can’t even type that fast.
Here’s how it happened.
I woke up to realize I had a bunch of posts on my site that I never wrote. The first thing I did was check my users in the sidebar of the admin panel. Amazing, I had 68 administrators that not only were able to log in but they published posts to my blog. That’s right, my site had been compromised. Hey if you want to write for me just ask. The worst part of it was I couldn’t even read the posts. They were using lingo I couldn’t even read.
After investigating it further, I realized the mistake was mine. I had changed some settings the evening before to allow anyone to be able to subscribe to my blog. Unfortunately, I also added them as administrators and believe it or not, it’s actually an easy mistake.
I just wanted to bring it to anyone’s attention that might be reading this. Make sure the radio button for subscribers is checked in the admin settings area. You can select a few options including administrators, which you definitely don’t want.
By the way, if you have a plugin installed to automatically publish your posts to facebook, twitter, linkedin or any other social media site. I spent half my day trying to clean up my mess. There was posts all over my social media sites.
Just a word of wisdom… Learn from my mistake!
[cta id=”362″ vid=”1″]