WordPress site compromised before completing installation

I was just starting out with setting up my WordPress website (LEMP stack), and I left my site on the /wp-admin/install.php page for me to continue the next day. When I checked on it today, it was installed without me, showing a messy layout and huge random Vietnamese text. Since I didn’t set up the installation, I didn’t create a WordPress account, so I don’t think I can log in. It doesn’t redirect me to any other site, and Google hasn’t marked the site as insecure.

I’ve checked the site on hack scanners like and it seems fine. Only Sitecheck says Nginx is outdated, though.

I admit I was still just in the middle of putting security measures in place. Do I continue doing so? Is there anything in particular I should do?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hi there @NoodlesYum,

If this was a fresh new Droplet, I would recommend deleting it and deploying a new one, as the person who finalized the installation for you might have uploaded a backdoor and it would be quicker for you to deploy a new server rather than start looking for malicious files.

Hope that this helps! Regards, Bobby

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.