Revoked site access via Salt & DB details

Hi,

I'm wondering: if a user has had his WP admin (admin role) access revoked, but previously has had full site access, but no FTP/SSH, what would be the preventive measures to avoid this user regaining access?

I'm thinking that the user could have installed and deleted an FTP plugin and could have accessed contents of wp-config.php, therefore accessing Salt keys and DB user & pass.

Salt keys can easily be reset (viva Defender!), but what about the DB? Can it be somehow accessed remotely if set to "localhost:3306" in wp-config.php?

Is there any other option the site could be compromised? (considering we checked for added users and uploaded plugins).

Thanks!

  • Prathamesh Palve
    • Staff

    Hello D.,

    I hope you are doing well today and thank you for giving us time to check this for you.

    Here is a checklist for you to make sure you are safe.

    1. Make sure you change your Database User credentials

    2. Recheck from the wp-config.php file that the DB is listening to localhost only. There should not be any port there.

    3. If you shared the WPMU DEV site access with them, make sure you change the password to that too

    4. If you have shared the access to SSH, make sure you revoke the access too

    After you complete the checklist, we can then count you safe. If you have any doubts or need any help, feel free to reply in the thread here.

    Regards,

    Prathamesh
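
A check for items 1 and 2 of the checklist above, as an added example that is not part of the original thread or any WPMU DEV code: it compares a copy of wp-config.php from the time the former admin had access with the current file, and reports every secret that was not rotated plus a DB_HOST that does not name loopback. The `sample_config` helper and all values in it are constructed for illustration.

```python
import re

# Secrets stored in wp-config.php; anyone who read the file knows all of them.
SECRET_KEYS = ["DB_PASSWORD",
               "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Matches define('NAME', 'value'); at line start, so // and # commented lines are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.M)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_defines(config_text):
    """Return {NAME: value} for every string define() in the config text."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)}

def db_host_is_local(db_host):
    """True when DB_HOST names loopback, with an optional :port or :/socket suffix."""
    host = db_host.strip().lower()
    if host.startswith("["):            # bracketed IPv6 such as [::1]:3306
        host = host[1:].split("]", 1)[0]
    elif host not in LOOPBACK:          # a bare "::1" must not be split on ":"
        host = host.split(":", 1)[0]
    return host in LOOPBACK

def audit(old_text, new_text):
    """Compare the config the former admin could read with the current one."""
    old, new = parse_defines(old_text), parse_defines(new_text)
    findings = []
    for key in SECRET_KEYS:
        if key not in new:
            findings.append(f"{key}: not defined in current config")
        elif old.get(key) == new[key]:
            findings.append(f"{key}: unchanged, rotate it")
    if not db_host_is_local(new.get("DB_HOST", "")):
        findings.append("DB_HOST: not a loopback address")
    return findings

def sample_config(db_pass, salt_seed, host="localhost:3306"):
    """Constructed wp-config.php fragment (hypothetical values, not from the thread)."""
    lines = [f"define( 'DB_HOST', '{host}' );",
             f"define( 'DB_PASSWORD', '{db_pass}' );"]
    lines += [f"define( '{k}', '{salt_seed}-{k}' );" for k in SECRET_KEYS[1:]]
    return "\n".join(lines)

if __name__ == "__main__":
    old = sample_config("pass-A", "salt-A")   # what the former admin could read
    new = sample_config("pass-A", "salt-B")   # salts reset, DB password forgotten
    for finding in audit(old, new):
        print(finding)
```

DB_HOST only records where WordPress connects. Whether the database accepts remote logins is decided on the MySQL server by its `bind-address` setting and by the host part of the database user's grant, so those are worth checking alongside the password change.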
