I cannot log in in my wordpress admin

Good morning. I set Always Use HTTPS two weeks ago. everything was good till this morning. I can not login with both my accounts. I check all recommended links and all are with https. Could it be that had happened something else or I have done something wrong. site is www.lil-house.com you can see that all is under https.

and what is interesting, it is not my username, my is just gatis, but I got Hi foxilitrix when I try to reset my password and when I use link it says that it is in use already:

What I have done till now:
I try to set to developer mode, pause cloudflare, cleared cache - dosent help.

please help, I have no idea whats happened.

What happens when you try to login?

I doubt that this is Cloudflare related since it worked until today.

Unknown username. Check again or try your email address.

We have be warned if we set in cludflare Your SSL/TLS encryption mode is Full. If we check full, than we have to be sure that we have https to all links. But I can not understand first of all I have and had this SSL (https to all links) and if it is because claudflare than why it happened only now?
Tanks for trying to help.

Tanks for help - it is not cloudflare fault. Site was hacked :frowning:

Hi gatis

We had this yesterday, too. all accounts were changed to user „foxilitrix“ and the password was also changed.
Can you say if you have/had one or more of this plugins on all your sites installed:

– 404 All Redirect
– Popup Builder
– WooCommerce Orders Export (CSV)
– DateTime Picker Plugin
– Webp Generator
– WP Rocket
– Revolution Slider
– WPBakery / Visual Composer

Maybe we can find the malicious code with your help.

Hi, At that time I had not any of your mentioned plugins. I was using just woocommerce but not this special extension WooCommerce Orders Export (CSV) - I think it comes default in woocommerce. I did not get idea how they did it.

Hi,
thanks for your response.
Alright then we can exclude an Plugin Issue. We don’t think it’s a woocommerce issue because otherwise there we’ll be a lot of hacks.
Which template have you used and from which vendor?
Thanks for you help

It was half a year ago when they hacked our site. But they are still trying to login every day.