How can I find the security hole in my WordPress site?


Yesterday I noticed that my site had been hacked and a PHP backdoor was installed on it.
The virus scanner reported a plugin file inside my wp-content/uploads which I did not upload myself. It included a WordPress plugin plus some PHP shells.

I don’t know how this file was placed there. By using this file, the hacker could access the root folder of my host, create files and change file permissions to allow them to be executed.

I don’t know how it helps the hacker or what the benefit was for him/her, but he could create a file on my host and claim my site as his/her property on Google Search Console.
I want to know:

  1. How can I find the security hole on my site?
  2. What was the benefit for the hacker of claiming my site as his/her property on Google Search Console? I removed him/her from the Google Search Console of my site, but I want to know the risks that it might bring for me.

I’m using WordPress 4.6.9. I’ve sometimes used plain FTP for file transfers, which I guess might have put me in trouble, but I’m not sure. I also noticed a change in the size of the database and in host disk usage.

