Hmmm, so actually it would be safer for each domain to be set up as a separate user then?
[quote=“rob_la, post:14, topic:55845”]
So I am thinking compromised local machine or compromised Dreamhost FTP system. In terms of my local machine, scans reveal nothing and all of the other sites I have on other hosting companies have not been hacked.[/quote]
If someone was determined to steal passwords via a worm, it might be effective to delete the vector once the task was accomplished rather than leaving it behind for someone to discover, analyse, and create a way of preventing attacks in future…
Just a thought.[hr]
[quote=“Dickman91, post:15, topic:55845”]
I should also note that bc of the 1-click install, I never used an FTP client for that site, just adjusted from the WP admin panel.[/quote]
Unless you use https, whenever you log into your WP admin panel, your username and password are being sent unencrypted. Once that admin panel is compromised, you can install a plugin such as ‘add from server’ or modify a theme to get access to anything within that user account.