Question
WordPress site compromised before completing installation
I was just starting out with setting up my WordPress website (LEMP stack), and I left my site on the /wp-admin/install.php page for me to continue the next day. When I checked on it today, it was installed without me, showing a messy layout and huge random Vietnamese text. Since I didn’t set up the installation, I didn’t create a WordPress account, so I don’t think I can log in. It doesn’t redirect me to any other site, and Google hasn’t marked the site as insecure.
I’ve checked the site on hack scanners like http://sitecheck.sucuri.net/ http://isithacked.com/ http://www.unmaskparasites.com/ and it seems fine. Only Sitecheck says Nginx is outdated, though.
I admit I was still just in the middle of putting security measures in place. Do I continue doing so? Is there anything in particular I should do?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×