Suddenly, there is an unknown post on your WordPress website without your permission, worst of all it appears only on the frontend and can’t be deleted from the backend. This is a nightmare most WordPress users are quite familiar with.
As of the time of writing this article, this a current hack on multiple WordPress websites. I also came across a Reddit user with a similar problem which after helping him I was compelled to write an article for anyone looking for help to remove the unknown post on their WordPress website. In other to solve this mess of a hack you have to understand what lead up to this soft hack on your WordPress website.
It’s a simple database injection. Due to WordPress dependency on SQL makes it quite easy for hackers to inject codes into the database and gain unauthorized access. This is one of the biggest flaws of WordPress.
These malicious codes are injected through forms, login box, search box literally anything that takes user input. Due to most submissions on a WordPress website ae stored in the SQL database, all the hacker needs is to insert the code in form submission.
With this unauthorized accessto the SQL, post can be inserted or deleted depending on how friendly the hack is.
The solution to remove the unknown post from WordPress and increasing security.
Add Depender Plugin by WPMU DEV.
Make sure to change the database prefix from the default “wp”.
Activate limit on login trial.
Change the login URL from /wp-admin/ to another URL of your choice.
Activate the rest of the settings that suit your recommendation.
Add Salt Shaker Plugin.
Reset your WordPress salt daily automatically to increase security and reduce vulnerability.
Change the login password.
Removing the unknown post on the WordPress Website
Head over to the PHPMyAdmin.
Find “wp_posts” and click on it.
Note: if you had changed the prefix using the defender plugin it would be the new prefix _posts.
Find the injected (unknown) post via post_title. Using the PHPMyAdmin table column post_title, it would be easier to identify.
Once found delete the post.
Due to how vulnerable WordPress, hackers will always find newer ways to gain unauthorized access. Always have a security plugin.
Make sure all other plugins are update and avoid nulled plugins.