Hello,
We added WP Foro to our wordpress site around 6 weeks ago. A couple of days ago, someone was able to inject some code into an admin's post. The code was malicious but, fortunately, because it was injected into a text post, the script was not executed.
Our security settings and permissions are solid, we've had no issues until now. Only admin users have the ability to add/edit forum topics, so it seems like we may have been hacked.
I don't know if the forum plugin has been hacked, or if our site has been hacked elsewhere. Can anyone provide a recommendation for how to ensure that this doesn't happen again?
Thanks,
James
Probably your site is hacked (?) via some other point (not wpForo), a plugin or a theme or security issues you may have.
Impossible to tell.
You MUST find how this was done, otherwise you will be hacked again. And of cource you must clean whatever was infected.
Google the script and see what it does and what you must clean.
Install a security plugin. I HIGHLY recommend
https://wordpress.org/plugins/ninjafirewall/
in full waf mode.
Check your hosting security.
you can check your page here https://sitecheck.sucuri.net/
visit my wpForo > Tutrix.de (unofficial german wpForo Support)
with lots of customization & modification, e.g. hover cards, topic/post preview on mouseover, chatbox and much more...
