I’m still running checks, but it really looks like all they did was change the admin user name for this one site. They didn’t even attempt to log into the blog using the new user name! I don’t know if I just happened to find it just as they were doing it, or if that was all they intended to do. Frustrating as hell, but could have been worse.
To be safe I’ve disabled a couple older plugins that haven’t been updated in a while, so there’re a few things not working quite right as of right now, I’ll hopefully be fixing them in the next week or so.
Having said that, if you get malware warnings when trying to do anything here please let me know so I can check into it further! I THINK I’m clear, but I’d rather know right away if something goes wrong!
As a general rule, “If you are on the Internet, you do NOT have security”. Also, in complex systems, those twiddling the bits were probably not hired because of their skill or experience. Such is the current world. Good Luck.
Well yes, but my concern was what sort of malware might have been added and I’m not finding any.