Well, someone has been trying to hack two of my Wordpress sites for several weeks. I was getting several notices from iThemes Security. They could never get even close to the username and password. IP location showed multiple places around the world. Over the last couple of days, they started some sort of scanning for vulnerable files - again I was notified by iThemes Security. I had security set pretty high, even one 404 and they would get locked out permanently. Even two wrong guesses on username and password, and they were locked out permanently.
None the less, they somehow got in this morning at www.doman1.com and www.domain2.com. Fortunately, I had everything backed up with iThemes Backup Buddy (including data base), and I was back up within an hour (for one site).
Problem is - if i don't know exactly how they got in, I don't know that they can't hack my site again.
Therefore, I don't know where to go from here - to avoid it again?
The message left on my main page (both sites)
Edited by TCH-Bala, 21 February 2017 - 07:05 PM.
removed domain name from response to protect identity