I could not find any similar error after searching the web and struggling with the problem for around two weeks.
One of the Wordpress sites I'm managing keeps getting hacked. There has been no damage so far and I verified the integrity of the WordPress core files. I performed pretty much every hardening for WordPress I found, including directory protection of the wp-admin directory. Nevertheless, after a day, I find that all my users in the database have the username m4shell and their passwords are changed.
Has anyone experienced a similar problem?
Configuration of Server:
- WordPress: 5.3
- PHP: 7.3.11
- SSL: YES
- Forced SSL: YES
- 2Factor Authentication activated. (2FAS Light)
- Theme: DIVI v.4.0.7- (Purchased)
- Other Plugins:
- Child Theme COnfigurator
- Disable XML-RPC
- Enhanced Media Library
- GDPR Cookie Consent Banner
- Loginizer
- Post Types Order
- Shortcodes Ultimate
- Sucuri Security - Auditing, Malware Scanner and Hardening
- Theme Authenticity Checker (TAC)
- Ultimate Posts Widget
All plugins are up to date. I have never installed any pirated plugins or themes. Passwords are generated by pwSafe password manager (25 characters mixed) No users except for me and a second user, which my girlfriend uses to upload pictures.
If anyone has an idea what this is or what I could further do, please help I'm really stuck.
