My blood pressure rises every time there are one of these threads.
Your version will still leak via your feeds going that route. Instead you should...
/includes/version.php
Change:
$wp_version = '2.9.1';
To:
$wp_version = '6.9';
Don't go with a low version number or you'll keep getting that upgrade nag.
^ Well, WP is what got hacked, the page.php file specifically (so far) and I was able to login to cpanel and change the password.
I don't know, this shit is breaking my mind.
What file in the WP install would I try and change the password so I can log back into wp and check for any added users?
Thanks for all the help.
If they're in cPanel, then this almost certainly had nothing to do with WordPress.
^^^ That.You can go directly to the MySQL database, if you find any unauthorized users, edit their password to some random data.
Your version will still leak via your feeds going that route. Instead you should...
/includes/version.php
Change:
$wp_version = '2.9.1';
To:
$wp_version = '6.9';
Don't go with a low version number or you'll keep getting that upgrade nag.
You are using a development version (6.9). Cool! Please stay updated!
How much traffic is the site seriously getting? Check your latest visitors logs in CPanel and see what's been accessed by IP - maybe do a little banning even if they're using proxies. Does the customer need foreign traffic?
dickroll em.