I was just starting out with setting up my WordPress website (LEMP stack), and I left my site on the /wp-admin/install.php page for me to continue the next day. When I checked on it today, it was installed without me, showing a messy layout and huge random Vietnamese text. Since I didn’t set up the installation, I didn’t create a WordPress account, so I don’t think I can log in. It doesn’t redirect me to any other site, and Google hasn’t marked the site as insecure.

I’ve checked the site on hack scanners like http://sitecheck.sucuri.net/ http://isithacked.com/ http://www.unmaskparasites.com/ and it seems fine. Only Sitecheck says Nginx is outdated, though.

I admit I was still just in the middle of putting security measures in place. Do I continue doing so? Is there anything in particular I should do?