Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#44624 closed defect (bug) (invalid)

Lot of wordpress sites hacked at same time

Reported by: spala's profile spala Owned by:
Milestone: Priority: normal
Severity: critical Version: 4.9.7
Component: General Keywords:
Focuses: Cc:


on a server, they were able to hack several servers, including the cpanel password,
they change (probably with some automation), any worpress admin login, to "AnonymousFox"
and made some changes on a few files, along with installing phpmailers for phising attacks, and php shells.

all the wordpress were up to date, we don't share plugins and some of them were almost naked instalation,

there might be some 0day bug on wordpress, would be nice if someone could investigate or turn some light on this problem, i dont feel confident into restoring any backup, neither to make a fresh install until the actual bug is identified and patched,

Change History (1)

#1 @SergeyBiryukov
5 years ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi spala, welcome to WordPress Trac!

This place is for fixing bugs in WordPress itself. Unfortunately we can't help you with your hacked sites here.

For that we have and also to help you get started with cleaning up your sites and getting back to normal.

Note: if you do think you have found a security vulnerability in WordPress core, please take a look at

Note: See TracTickets for help on using tickets.