Core WordPress Files Were Modified - Fix?

Hi there,

Today Sucuri showed me this error on my website. I selected the restore option and it is showing the error given below.

Strangely, I also saw a post published on the site which was not done by me.

How to fix it?

Oct-Nov 2020, lot of WordPress got hacked.

Reasons

  • Outdated Divi theme
  • Unknown

Symptoms: It’s like WP-VCD attack.

  • High resources usage
  • MySQL database going down
  • Suspicious admin account created
  • Modified wp-config.php and addition of other files
  • Addition of random new post
  • Presence of Sitemap file listing random URLs associated to some political or health niche URLs

What to do if you are affected?

  • Restore previous backup
  • Update all themes & plugin
  • Scan your site with WordFence
  • Don’t assume Cloudflare ‘Free’ plan is enough, It’s not. Many sites were using and still got hacked. Upgrade to Pro for its Firewall or use Sucuri.
  • Reach out to Professional Developer for hacked clean up.
2 Likes

During the same period, a couple of things happened to me.

  • Suspicious admin account created
  • Addition of random new post (yesterday)