Many sites originating from an existing vulnerability in the Easy SMTP plugin, often used in WordPress sites, have been hacked.
Easy SMTP, which is used as an E-mail SMTP plugin, has a download of around 300,000 via WordPress. The 1.3.9 version of the Plugin has been redirected to different sites through the database of many sites originating from the open.
The user who adds Himself to the system subscribes to the Wp_user_roles database and has admin privileges by expanding their privileges. It also redirects the SiteURL address from the database to another address and directs the site visitors to sites that force them to make various downloads.
If your WordPress Site is Hacked Via Easy Smtp
First, you need to be able to access your site's database. If you can't get it Yourself, you can request support from a web designer. Even If you are not experienced in these matters, it will be more accurate to get professional support directly.
1-Replace the SiteURL line from the Data base with the URL that your site address should be.
2-Delete the user who has unauthorized self-adding from the Wp_users field in the Database. (Especially beware of these nickas; devidpentesting99, larryking99)
3-Delete all data from the Database from the Wp_usermeta field with the help of the unauthorized user's ID.
4-Check back all users through the Admin panel, delete the users you see suspicious.
5-Check your index. php file. Find and clear non-Familiar script tags.
6-Change the password of your Admin password database name and password as an extra email address
7-If you Still want to use this add-on update. (the update is known to close the deficit)
8-I found that the Yoast Seo plugin was affected by the attack. Now you will have to delete and reinstall the Yoast Seo plugin that I can recommend.
There is no clarity in my opinion about the depth in which This attack is a fresh attack. So It will be useful to scan your site with some viruses and malware plugins that you trust.
Keeping track of developments about this hack attack periodically will allow you To have more detailed information about the diameter of the attack.
for More detailed information; You can read the article published in the Block of Wordfance security plugin. Wordfance Easy Stmp
If you have encountered This attack or have more information about additional measures to repel the attack, it is helpful to share your information in the comments section.