WordPress Site Hacked

killdurst used Ask the Experts™
My WordPress site was hacked to the point where the hacker/bot was able to create categories and posts.
Some of the posts created were...

Master Of Papers . Com examination: top service to get college assignments asap & guaranteedly
Papers Monster . Com close-up: trustworthy company to receive papers readily and on time
BUYESSAY.NET overview: prime corporation to get research papers quickly & at the right time

What could have happened here?
Who could have done these and how?

Any help would be appreciated, thanks!
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
95% chance the root cause was one of two things:

1. A failure to keep patching reasonable current.
2. A stupid password.

Anything else would be a long shot.
It was most likely just random that your site got hit- but it would be through some WP vulnerability and a code injection.  One downside to how popular WP is would be that people have access to it and to the code so these pop up pretty frequently.

Keeping your WP site up to date is the most important thing, and then of course anywhere you have a submission form make sure you have captcha or some verification in place to help limit bot activity.  I'd suggest at least once a week running updates on the site.
To answer your questions,

What could have happened here? <--- You already know it was hacked and hijacked, you're also already aware that its a bot or an automated script creating blog posts & categories advertising those things on random sites running on a WP platform ...
Who could have done these and how?

Someone paid to do advertising or some glitchy programmer student or hobbyist, lol! To their understanding spreading the links online will boost up their site via keywords for search engine crawlers. A script embedded onto a server. Youll only need a list of sites to target... input. run. and watch it post awaaayyyy!!!  

You can ditch WP and switch to a more secured CMS platform.  :P!!
William NettmannPHP Web Developer
The same thing happened to me, and it wasn't so much a WP vulnerability as a FTP exploit. I had pretty decent passwords, too - 13 characters, completely mixed. I found the evidence in my server logs after I found the hack.

What I have done:

Replaced WordFence with iThemes Security, and followed all the recommendations on their audit.
Disallowed FTP on the server, only SFTP with key based authentication, no passwords
Disallowed passwords for SSH, only key based authentication
Installed and configured Fail2Ban to globally deny access to anyone who has more than 1 failed login.
Signed up with CloudFlare - not only faster, but more secure. (Free)
Pallavi GodseSr. Digital Marketing Executive
Here's a Wordfence cleaner tutorial to clean your hacked WordPress site -

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial