Disgruntled former CTO hacked our admin office

Posted 1 hour ago #

A former CTO of our company hacked into our back office. I changed the user/pass credentials several times already but he still manages to gain access in our admin office. We’ve had our attorney send him a demand letter already but yet he still continues to breach our WordPress back login. This is becoming destructive to our operation and having our legal counselor send demand letters every time he makes these changes is becoming costly. Please help me regain our back office and block him from future access.

Our site login: http://www.cannaeo.com/blog/wp-login.php

Don’t change just the user/pass, change his access level, and/or email. If you only change his password, he can still do the ‘forgot password’ form and reset it.

If you’ve already done all that, you may have a backdoor in your code somewhere or you’ve been hacked.

If all else fails have a look at the FAQ https://codex.wordpress.org/FAQ_My_site_was_hacked

Chances are if you follow the above FAQ and he/she can still gain access, you may have a backdoor, which will require a developer’s intervention.

It sounds like someone (might not be the old CTO… innocent until proven guilty and all that) has access to something more than just your WordPress site.

The first thing to do is change the passwords to your hosting account, and the database (and remember to update the database password in your wp-config.php file at the same time). Normally hosting control panels will give users more than enough power to change accounts back to what they were, add in new ones, etc, and all outside of the WordPress system.

On top of that I’d also delete that WordPress account, not just change the username and password. Just make sure to attribute all of the content from that account to a different account when you delete it.