Auto posts being posted by someone in WordPress

I have a website in which only blog section is created in WordPress, while other sections of the site are normal HTML pages.

For last few weeks, a bot or a person is successful in posting posts to my WordPress blog automatically, without having access to admin area. Sometime the posts are posted in previous dates, sometime on current dates and sometime scheduled for a future date.

Also it seems that they try to auto post comments against the blog post they add automatically, but I have disabled comments in WordPress settings. To overcome this, they continue to submit a contact form outside the WordPress installation folder. I added the code to let me know from which page the form is being submitted, each time its written http://example.com/wp-login.php?action=register

For the security measures, things done are:

I have
– checked .htaccess file
– changed the default admin url /wp-admin/ to an other
– installed security plugin https://ithemes.com/security/
– checked admin area of wordpress, no user is present other than administrator
– updated the admin area password with extremely strong one

Any help in this regard will be highly appreciated. Thanks

Read more here: Auto posts being posted by someone in WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *