First they want free internet access. Next can just be war driving as a hobby; finally they might targeting your network for financial get more.
Plugins - Plugins, especially out-dated ones, are a really great place for hackers to conceal code. Why? Firstly, because people often don't think to log into the website to check updates. Two, even they will do, builds up like upgrading plugins, because it takes opportunity. It can also sometimes break functionality on a site. Thirdly, because factors tens of thousands of free plugins, some turn easy to compromise into to begin with.
Media Uploads Directories - Most everyone has their media files set to the default, using directories for image files based on months and years. This creates many various folders for images to be uploaded to--and many opportunities for hackers to be able to plant something within those folders. Because you'd rarely ever assess all of the above folders, does one use find the suspicious viruses.
Delete all plugins and reinstall them. This can be time-consuming, but it wipes out any vulnerabilities in the plugins folders. It's a good idea to first create a backup of the site (there are paid and free backup plugins for WordPress) before ingredients deleting and reinstalling.
When notice the scanning activity in your firewall logs, you'll know where you're being scanned from and what they're having to target. Along with that data you should check to see if you're running software that uses that port and are going to has any newly discovered openings. For those who are using software listening on that scanned port and there's absolutely nothing a patch available, you ought to have that patch applied immediately - because hackers may have heard something essential to.
The second line within log file above is produced by Africa. Port 5900 is VNC which can be used by many, many system administrators to remotely url to a system to perform maintenance attached to it. This software has had a few exploits a single just during facebook hackers the past year allowed the attacker to possess remote control of the system with VNC installed and not have to crack any passwords!
Funny how negative situations can be turned around into positive ones. These little monsters got the juices flowing and look, we are creating yet another opportunity for you all the bad, in order to its primary element.