Quick summary
A WordPress security note about reviewing a compromised-looking site from dashboard access only and outlining the deeper cleanup path.
The problem
The initial access was limited to wp-admin, but suspicious files and theme compromise indicators still needed to be reviewed and documented.
What I checked
- Available WordPress admin access
- Backup plugin export options
- Security scan results
- Suspicious plugin-like files with misleading names
- Active theme compromise indicators
What I changed
- Downloaded the available backup for offline review
- Started security scanning from the dashboard
- Identified suspicious injected files using misleading names
- Reviewed active theme compromise indicators
- Outlined the clean-file replacement path for core, themes, plugins, permissions, database, and users
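One way to triage the downloaded backup offline once it is extracted, as an added example (not the author's tooling or findings). The three heuristics, the directory layout and every file name in the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions for illustration, not indicators reported on the page.
OBFUSCATED = re.compile(rb"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
PLUGIN_HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def triage(root):
    """Return sorted (reason, path) findings for an extracted WordPress backup."""
    root, found = Path(root), set()
    content = root / "wp-content"
    # PHP has no business in the media library.
    for p in (content / "uploads").rglob("*.php"):
        found.add(("php-in-uploads", p.relative_to(root).as_posix()))
    # WordPress lists a plugin only if a top-level PHP file carries a
    # "Plugin Name:" header in its first 8 KB; other entries never show in wp-admin.
    plugins = content / "plugins"
    for entry in sorted(plugins.iterdir()) if plugins.is_dir() else []:
        if entry.name == "index.php":
            continue  # stock placeholder file
        files = list(entry.glob("*.php")) if entry.is_dir() else [entry]
        if not any(PLUGIN_HEADER.search(f.read_bytes()[:8192]) for f in files):
            found.add(("no-plugin-header", entry.relative_to(root).as_posix()))
    # Obfuscated loader calls inside theme files.
    for p in (content / "themes").rglob("*.php"):
        if OBFUSCATED.search(p.read_bytes()):
            found.add(("obfuscated-theme-code", p.relative_to(root).as_posix()))
    return sorted(found)

def build_sample(root):
    """Write a small constructed backup tree (not data from the reviewed site)."""
    files = {
        "plugins/index.php": "<?php // Silence is golden.",
        "plugins/forms/forms.php": "<?php\n/*\n * Plugin Name: Forms\n */",
        "plugins/wp-cache-helper/helper.php": "<?php // no plugin header",
        "uploads/2024/01/thumb.php": "<?php echo 1;",
        "themes/active/index.php": "<?php get_header();",
        "themes/active/functions.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ='));",
    }
    for rel, body in files.items():
        path = Path(root, "wp-content", rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage(tmp), sep="\n")
```

A hit is a lead for manual review, not a verdict: some legitimate plugins ship encoded code, and a clean result does not rule out modified core files or database-resident changes.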
Result
The review established the likely compromise pattern and made clear which cleanup work required FTP or full filesystem access.
What I'd watch next
- Whether full filesystem access is provided
- Whether clean core, theme, and plugin copies can replace modified files
- Whether user access and database records are reviewed after file cleanup