Who knows this new attack? Who found out more? Please write to me in the comments below.
- Login is not possible. Instead you get forwarded to a website called likemytests.pw
- Later, after the first aid, the file permissions are wrong and some plugins can no longer be updated.
- Log into the database via phpMyAdmin
- Restore the site URL in the “Options” table. Here is the likemytests.pw URL and causes the forwarding
- Log back into the WordPress website and delete all dubious user profiles.
- Play an older backup that hasn’t been affected yet, or reset the website (if you want to be 100% sure no backdoor is open)
- Change passwords at: WordPress admin profiles, FTP, database
- What basically everything to do after a hack can be found, for example, at netz-gaenger.de
Last but not least:
If customer data (personal data or even worse payment data at web shops) are also stored in the database, which may have been theoretically stolen by the hack, it may be that a reporting obligation is required by the persons concerned and the responsible data supervisory authority. Legal advice should be sought for this. Reading on the subject, e.g. here: www.it-recht-kanzlei.de/pflichten-diebstahl-kundendaten