As some of you noticed, this blog keeps on getting hacked. I need help.
- I have the latest version of wordpress. I have changed the password and I did my best to find any backdoor.
- I do not think anyone can modify the PHP files because they are not writeable on the server.
- In the latest hacks, they update the content of my post with hidden spam. That is, the spam appears directly my relational database. It appears that, indeed, the PHP files are not modified. It also appears that they are only able to update the latests posts. Indeed, only 3 posts had spam in them. Surely, if they could have done more, my entire database would be filled with spam right now.
So, what should I be looking for?
I think there must be at least one backdoor left. I have checked that when I write a new post, the spam is not automatically inserted. So, the post must be updated a bit later.
This is very scary and annoying.
Update: My current best guess is that only few blog posts were modified because I changed my password and removed the default admin user just in time. If so, I am very lucky because the spammers could have infected all of my content. Indeed, it appears that none of my recent posts have been spammed. Of course, it could be just a matter of time…