There were multiple junk posts on my WordPress site. Most of the junk posts were attributed to several users. But these users did not create these posts. I searched the background codes for hints on the code infusion or hacked code. But I did not see anything strange.

So I installed an activity logging plug in. Simple History Plug in has high rating. The setup was very simple, default is good.

After 24 hours, I saw a junk post “Long Term Recovery Groups Texas VOAD”. I checked the activity history and found it was created by an user. Since the user confirmed that he did not create the post, I suspected his account was compromised. His password was reset.

The junk posts stops for more than 48 hours so far. With this plug in, I have a better visibility on how posts were created. That would help WordPress site administrator to troubleshoot site problems.