If you are a WordPress user as well and use an older version of the plugin, then there is a high risk that your site will be hacked. I experienced this myself and I write this little article to warn you. Please update “WP GDPR Compliance” to the recent version (as a site note: the same applies to WooCommerce).
But if your site has already been hacked because of this security breach:
- Go to your WordPress database via PhpMyAdmin (or similar)
- Click on the name of the database to load all tables
- Choose wp_users
- Look for the user entry of the hacker (if it’s there) and click on the red symbol to delete it and confirm the deletion
- Change your WordPress password: click yellow symbol to edit, type in the new password in the user_pass field and choose “MD5” from the user_pass dropdown list, click OK to save it (MD5 encrypts your password)
- Then go to wp_options
- Make sure the correct url of your site stands in the option_value fields for “siteurl” and “home” (yellow symbol to edit or double-click on the field)
- If you don’t want the registration of other others, make sure that the option_value for users_can_register is set to 0 and the corresponding auload is set to no
- If you not done yet: update “WP GDPR Compliance” to the recent version and update your other plugins just in case.
- Install other security plugins like Wordfence (scan your WordPress installation to check if data files or your database have beeb modfied), NinjaFirewall as another security level and WPS Hide Login to change the login url to make it harder for hackers to break in your site.
- Check if a file called “wp-cache.php” is in your WordPress root folder and delete it
- Check if the a the “2MB Autocode” plugin is installed and remove it
- Try to update you plugins more often for safety (I didn’t do this regularly and was quite surprised that both of my websites were corrupted. Adversity is the school of wisdom 😉 .)
- Last but not least, make a backup of WordPress
You could restore a previous backup of WordPress, too, but keep in mind there might be other vulnerabilities which could compromise the site again until all issues are corrected.