I have a website in which only blog section is created in WordPress, while other sections of the site are normal HTML pages.
For last few weeks, a bot or a person is successful in posting posts to my WordPress blog automatically, without having access to admin area. Sometime the posts are posted in previous dates, sometime on current dates and sometime scheduled for a future date.
Also it seems that they try to auto post comments against the blog post they add automatically, but I have disabled comments in WordPress settings. To overcome this, they continue to submit a contact form outside the WordPress installation folder. I added the code to let me know from which page the form is being submitted, each time its written http://example.com/wp-login.php?action=register
For the security measures, things done are:
– checked .htaccess file
– changed the default admin url /wp-admin/ to an other
– installed security plugin https://ithemes.com/security/
– checked admin area of wordpress, no user is present other than administrator
– updated the admin area password with extremely strong one
Any help in this regard will be highly appreciated. Thanks
Read more here: Auto posts being posted by someone in WordPress