Does anyone have a solution to prevent injection hacks on their Wordpress sites?
In particular, stopping some of these apparent injection hacks from MoroccanWolf. Google "AD4-Hacked by Moroccanwolf" and you'll see this guy all over the place.
I've had several sites get hacked and I can't figure out the entry point.
I've had sites with all kind of security plugins get hit -- Wordfence, All In One Security, iThemes Security, Limit Logins, etc. I'm pretty sure it's not a password attack since I don't see any kind of evidence in the retry log. I had a site with just the stock WP installed and even that got whacked so I don't think it was a plugin exploit...unless it was Akismet...That's why I'm suspecting some kind of injection.
The 3 things that seem to get changed are the Title, some junk getting inserted into the text widget, and the UTF encoding.
Thanks for any ideas.