Regarding the security issue

#1

Hi

I think we have a security issue again and again although we change the password and enable two-factor authentication immediately. Someone logged in using our account, uploaded Spam ad, and even changed the category setting which can only be changed by manager. Will it be enough to just change the password and enable the two-factor authentication?

We only upload in Korea, so is it possible to block any overseas IP from uploading a post in the name of our account? (Still they must have no problem in reading the post)

#2

Nothing will ever be enough but two-factor authentication can help prevent access to accounts but it sounds like your web host may have other issues.

Yes. You can create Firewall Rules that block access to whatever is used to upload.

#3

Seems attacker have access to website/server through a backdoor. Check for shell scripts, rootkits etc.

#4

If your website has already been compromised, you need to run a scanner to remove the malware from your site and its database. If your site is a WordPress installation, you can use the free scanners from Wordfence or Ninja Firewall, they both are very good.

Also, if your website has been compromised, you need to change password and enable 2FA where applicable on your:

  1. OS (Windows/MacOS/Linux) used to access the website admin area
  2. email accounts (this is the most important, and most often neglected)
  3. hosting provider account, including cPanel if a different password
  4. website admin account
  5. SFTP account (please stop using the non-secure FTP)

Also, do not forget to change the “salts” in your wp-config.php file, as even after a password change, a hacker can still access it for a couple weeks if you do not change them. You can use a plugin like Salt Shaker if you are not comfortable editing wp.config.php.

You should also consider creating an Access Policy for the admin area of your website. It’s free for up to 5 users per month, $3 per user/month thereafter.