I am using Godaddy managed wordpress hosting for a personal blog. My blog was down a few days ago because it is hacked! I used FTP to check the files and can see a lot of .php.suspected files.
It seems quite possible that there is a leak of the FTP login username&password. Maybe someone login my website folder via FTP and upload the malware/hacked files.
Is there a way to check the FTP login or upload/download history, perhaps via a log file? It would be perfect if I can see when/who (i.e. which ip address) logged in to my account and uploaded what files.
Hi @SuperSBGD. Unfortunately, there's no way to get a log of SFTP connections. However, a leak is not likely. More likely would be some form of compromise in a plugin or theme you're using. The best thing to do would be to change all your account related passwords and make sure all plugins and themes are up to date. You may also consider installing a security plugin like Wordfence.
Thanks for your reply.
How can I change my FTP password? I am on Managed Wordpress hosting. After I log in I can't see any option for changing FTP password. There is only a panel showing the FTP login details.
Did you ever get your site fixed?
I had the same thing happen to my site but never noticed it right away since the changes to my php files just reverted back to my older html site since those files were still on the server.
GoDaddy Support gave me no help. Before hanging up they had the nerve to say, "is there anything else I can help you with today?". They should be aware of a hack that is renaming files to php.suspected. I am wary of just renaming my files back to .php files since they may have compromised the content of those files.
I'm betting the problem is most of us are on a shared server.
If we ran our own dedicates server then of course any and all logs would be available.