I had to do various convoluted things to clean and restore my database and various other convoluted things to prevent this from happening again. I had only barely finished when one of the new security plugins reported:
|Site Lockout Notification|
|Host/User Lockout in Effect Until Reason|
Host: 18.104.22.168 2020-05-05 19:09:02 too many bad login attempts
Which IP is in a range of a Chinese ISP from the Alibaba group. To be fair, it’s probably just one of a pool of hacked devices spread all over the world. EDIT: Since I activated notifications, I see at least one blocked brute force login attempt every day.
I’ve also disabled comments, since I get nothing but spam anyway.
This is a reminder to everyone with a wordpress site to install enough plugins for backup and security. Without backup in place, I would probably have lost most of my site.