I was just starting out with setting up my WordPress website (LEMP stack), and I left my site on the /wp-admin/install.php page for me to continue the next day. When I checked on it today, it was installed without me, showing a messy layout and huge random Vietnamese text. Since I didn’t set up the installation, I didn’t create a WordPress account, so I don’t think I can log in. It doesn’t redirect me to any other site, and Google hasn’t marked the site as insecure.

I’ve checked the site on hack scanners like http://sitecheck.sucuri.net/ http://isithacked.com/ http://www.unmaskparasites.com/ and it seems fine. Only Sitecheck says Nginx is outdated, though.

I admit I was still just in the middle of putting security measures in place. Do I continue doing so? Is there anything in particular I should do?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Hi there @NoodlesYum,

If this was a fresh new Droplet, I would recommend deleting it and deploying a new one, as the person who finalized the installation for you might have uploaded a backdoor and it would be quicker for you to deploy a new server rather than start looking for malicious files.

Hope that this helps!

Submit an Answer