In February-March 2020, vulnerabilities were found in very popular plugins:
There are also many other plugins in which vulnerabilities have been found. We recommend checking the security of your site by checking for vulnerabilities for the themes and plugins used. We also strongly recommend not to use third-party developments or copies of paid extensions.
Information about the vulnerabilities found in plugins can be found, for example, on the following sites:
At the moment, the most common consequence of a hack is the installation of a redirect to third-party sites. If you have the specified plugins or you suspect that your site may have been hacked, we recommend that you follow the steps to elimination of vulnerabilities.
To eliminate the problems that have arisen, we highly recommend that you follow the following steps:
wp-config.phpand check the logs for the last few weeks / months. If such requests are found, then you should consider the possibility access restrictions for the IP addresses from which they were executed.