Wordpress admin password has been changed

A hacker now managed twice to change the admin user password of my WordPress blog. In both cases I received an email from my WordPress installation that someone requested that the password be reset for the admin account.

The actual culprit was a bug in the Leaflet Maps Marker plugin: http://1337day.com/exploits/18944

If you have something similar, search in your Apache log files for password resets to see where the problem is. For example with

grep wp-login.php?action=rp /var/log/apache2/*

or

grep lostpassword /var/log/apache2/*

By the way, disabling a WordPress plugin does not prevent your site from being hacked. If you have an insecure plugin, delete it!

Use WordPress plugins sparely and check the exploit database at http://1337day.com/ for security issues.

Wordpress admin password has been changed
Share this