Post-Compromise Triage SOP
When a site is hit, panic-restoring overwrites the evidence. Work the order.
— Step 1: Take the site offline or behind maintenance — stop ongoing damage first.
— Step 2: Snapshot the current state (files + DB) before changing anything; that's your forensic copy.
— Step 3: Rotate every credential: admin passwords, DB user, salts, API keys, FTP/SSH.
— Step 4: Diff core files against a clean WordPress checksum to find injected code.
— Step 5: Search wp_options and wp_users for unknown admin accounts and rogue autoloaded options.
— Step 6: Restore from a known-clean backup, then patch the entry point before going live.
Do this the moment you confirm a breach.
Run this every time.
Lockdown Ledger
@LockdownLedger
Post-Compromise Triage SOP
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.