Hi,
we have a website, which is latest version of WP, no "admin" user, hard passwords only, Sucuri+Better WP security running. And today, somebody has hacked us through wp-cron.php and imported malicious "post.php" file and our presentation got blocked. Could anybody try to help me to understand what has happened and how to prevent it from happening again?
wp-cron.php has not been altered from original version.
Thanks a lot
Karolína
log from webserver:
===
epopart.cz 209.68.5.173 "-" "-" [14/Mar/2016:05:13:13 +0100] "GET /wp-cron.php HTTP/1.0" 200 255 "http://epopart.cz/wp-cron.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/5362 (KHTML, like Gecko) Chrome/15.0.823.0 Safari/5362" 209.68.5.173 157807
epopart.cz 46.4.76.214 "-" "-" [14/Mar/2016:05:13:33 +0100] "POST /post.php HTTP/1.0" 200 291 "http://epopart.cz/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.1)" 46.4.76.214 4532