WordPress Security and Possible Hacking - wordpress

I'm new to WordPress and I've just found an email saying I have a new user, and sure as chips there was a new subscriber, even though I had not been asked to allow it.
Is this normal or was my site hacked?

It's normal. Anyone can register on your WordPress site. But if you don't want any subscribers, then you could disable Sign up function. And for security, you should install plugins like jetpack.

This seems to be normal. Is your website live? And you have any 'subscribe now' option? It seems someone came to your website and subscribed to it!
It's not hacked for sure!

Related

wp admin user name has been changed by someone

As a Administrator of my website (Wordpress with Woocommerce), I am unable to logged in on my website's wp-admin panel. Then I tried to log in from another user name and it got successfully logged me in, then I saw the name of my admin user has been changed. I am amazed how it was happened? who did it? and why ?
Please suggest me what should i do ?
How to avoid such incident again ?
Incase the culprit who did it, In the next attempt, if he/she changes name of my second user of wordpress, what i should do ?
I am afraid if the culprit change the names of my all wp users then what should i do?
It seems a hacking attack.
So I suggest you first , upgrade your plugins and themes.
Then don't forget to scan your whole site with wordfence.
Then secure it with wordfence , I suggest to use it's pro version, I really feel it useful.
Then tell your hosting to scan and make sure no security issue there.
Note : Don't forget to remove your ftp and extra admin or change their password at least.
Your task is done ..
Still confusion, consult with an expert like me.
Block or delete the mentioned admin account
Install a security plugin like Wordfence
Scan your whole site (with the plugin), it's very likely a backdoor has been installed for future attacs
Change all passwords of admin-accounts and advice your users to do the same
Change the passwords of your FTP, database and possible webserver-interface (if the username was changed, it's likely done directly inside the database)

Wordpress login with true username & password failed

I am managing a wordpress site. Recently, I have trouble with the login system. Even though I give the right username and password, it give me the login page again and again, instead of redirect me to the dashboard.
The solution that I usually do is dropping all the tables in the database and import them again. It temporary fixes the problem. But the problem still have possibility to exist.
Anybody know what the problem exactly is?
WordPress login issue, when you have 100% correct username and password, and it does not give you username/password incorrect error, but it just takes you back to login form... it is mostly due to some security measure by some plugin or theme. Most probably a plugin, could by JetPack's security feature, or any other security plugin like Bulletproof Security Plugin & AIO Security (as was the case in OP's situation.)
To make sure if that is the plugin, or which plugin, I suggest a quick work around, ftp/ssh to your server and rename plugins folder as plugins-old, and create new blank folder plugins for now.. and try to login now... this time if you can login perfectly, then it is some plugin, most probably security related plugin, now you can go back to ftp and restore the plugins folder, and then you will have to activate/disable one by one to see which plugin might be the issue.
I have faced this issue many times in the past and above approach has always helped me get it fixed.

Custom Login and Registration for new WordPress users

I'm fairly new at WordPress, therefore hopefully someone will find it easy enough to share a few minutes of their time assisting me. Basically, I was trying to implement custom registration into my new WordPress install. After struggling for a while, I came by the BuddyPress plugin, which seems to be absolutely amazing, except for one thing - while the registration works perfectly well, in order to login you apparently either need to have a wordpress account (there's the wordpress logo, etc). Would there be any hints on what actions could I take now ?
You could use WordPress with both the BuddyPress and Theme My Login plugins. This would let you completely customise the login and registration pages of WordPress.
This IMHO is the classic online tutorial for customised login/register/password retrieval for Wordpress.
http://digwp.com/2010/12/login-register-password-code/

Is there way to check wordpress logs? Like what actions admin has performed etc?

hi friends Is there way to check wordpress logs? Like what actions admin has performed etc?
Actually I am working on a project and someone has deleted my pages templates to trash and my site was down. I want to check who did this in my wordpress admin panel?
I don't think Wordpress has an event log, at least I've never heard of one or seen one. There is a login logger plugin, but it has to be installed and doesn't work retroactively.
In theory, it should be possible to get at least the IP address of the perpetrator from the normal Apache access logs, and searching it for all recent accesses to the /wp-admin folder. That is pretty cumbersome work, though.
You can use a plugin for this: try Stream or its competitors.
You may try this Activity Log Plugin.
If you have tens of users or more, you really can’t know who did what.
This plugin tries to solve this issue by tracking what users do, and
displaying it in an easy to use and easy to filter view on the
dashboard of your WordPress site.
You can try User Activity Log - WordPress Plugin.
It helps you monitor and keep track of all the activities occurs on the admin side. It will give information about log of all user activity and admin get notified when a particular user is logged in.
The following is not about action logs, but error logs, but it is also helpful. If that happened and you have WooCommerce installed, you will have access to logs:
Admin panel->WooCommerce->Status-> a tab: [Logs]

Good wordpress sitewide message system plugin

I need a plugin for wordpress that will allow people to put a message at the top of the site that may state things like upcomming events or notifications of outages of our server..etc...etc..
Anyone know of a plugin that can do this?
All the one's I've found like WP Announcement and Announcer don't seem to handle this very well. I cannot have the modal popup either.
I would suggest a roll your own version. Using a plugin framework, like PodsCMS can help with this and even make it manageable with custom admin menus. This combined with the Adminimize plugin can even help with restricting access to this feature on a user role basis.

Resources