• Carsten

    (@presis_carsten)


    For my company we maintain around 50 WordPress websites. Recently something strange has happened.

    Almost every website had a new user with the username ‘admin’ with the Administrator role, email address ‘admin@localhost’ and registration date ‘2010-03-01 11:06:24’. The password is an MD5 hash (no salt, like a normal WordPress password), example: 1c1df24bdf22b10fce4b2a5003bdbdfa

    It seems it was something automated. Even a website protected with a .htpasswd had this ‘admin’ user.

    Our webhoster says their system is not hacked. The plugins and themes that we use are from the official WordPress website.

    Does anyone have an idea how this happened?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Remain calm, delete the user immediately, and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    This happened on my website as well, occurring sometime between 24 July and 26 July based on my backup logs.

    Three additional users: “admin,” “administrator,” and “root.” All three had MD5 hash passwords as presis_carsten described. All three with registration date “2010-03-01 11:06:24.”

    No harm seems to have come to the website. No defacement or executable files uploaded, and it still shows clean on malware checks. Regardless, I am now taking the steps recommended by WordPress, as MacManX mentioned.

    However, I am equally interested in knowing how this happened, so that I may prevent it from happening in the future. Where to start such an inquiry?

    Presis, would you like to compare lists of active plugins to see if there is some commonality between our sites?

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Were you running MailPoet?

    Thread Starter Carsten

    (@presis_carsten)

    We don’t use MailPoet.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    That one was mostly for mercury_atlas.

    How did it go with following the guide and implementing the security measures?

    No, I don’t use MailPoet.

    Here are the plugins currently active on the site in question:

    • Formidable
    • Genesis Simple Edits
    • Genesis Simple Hooks
    • Google Universal Analytics
    • iThemes Security
    • Login Logo
    • Page Restrict
    • Post Types Order
    • Redirection
    • Toggle The Title
    • Widget Logic
    • WP-CopyProtect
    • WP Retina 2x
    • WP Survey and Quiz Tool

    All plugins were up to date at the time, as was WordPress itself.

    I’ve been closely monitoring the admin users since the incident last week, and things seem stable. I’m considering writing a quick PHP script that will use a SQL query to notify me when users are added, and add that to my web hosting crontab.
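The cron-driven check described in the post above, combined with the indicators the thread reports (raw unsalted MD5 in user_pass, the admin@localhost address, the fixed 2010-03-01 11:06:24 registration date, and the logins admin/administrator/root), as an added example that is not code from any of the posters. It parses the tab-separated output of a plain `mysql -B` query against wp_users, so it can run from a crontab without loading WordPress; the sample export, the baseline of known logins and the table prefix `wp_` are constructed assumptions, not data from the thread.

```python
"""Audit a WordPress wp_users export for rows that are new relative to a baseline
or that match the indicators described in the forum thread.

Intended use from cron (credentials from wp-config.php; table prefix may differ):
  mysql -B -e "SELECT ID,user_login,user_email,user_registered,user_pass FROM wp_users" dbname
and feed the result to audit(). Added example code, not from the thread.
"""
import re
from dataclasses import dataclass

# Indicators taken from the thread. A bare 32-hex MD5 in user_pass is only the
# legacy pre-2.5 format; wp_hash_password() writes phpass hashes beginning with
# "$P$", so a freshly created user with a raw MD5 was almost certainly inserted
# straight into the database rather than through the WordPress API.
RAW_MD5_HASH = re.compile(r"^[0-9a-f]{32}$")
SUSPICIOUS_EMAILS = {"admin@localhost"}
SUSPICIOUS_REGISTERED = {"2010-03-01 11:06:24"}
SUSPICIOUS_LOGINS = {"admin", "administrator", "root"}

EXPECTED_COLUMNS = ["ID", "user_login", "user_email", "user_registered", "user_pass"]


@dataclass(frozen=True)
class WpUser:
    user_id: int
    login: str
    email: str
    registered: str
    password_hash: str


def parse_users_tsv(text: str) -> list[WpUser]:
    """Parse `mysql -B` output: a header line followed by one tab-separated row per user."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].split("\t") != EXPECTED_COLUMNS:
        raise ValueError(f"unexpected columns, want {EXPECTED_COLUMNS}")
    users = []
    for ln in lines[1:]:
        cols = ln.split("\t")
        if len(cols) != len(EXPECTED_COLUMNS):
            raise ValueError(f"malformed row: {ln!r}")
        users.append(WpUser(int(cols[0]), cols[1], cols[2], cols[3], cols[4]))
    return users


def indicators(user: WpUser) -> list[str]:
    """Return the thread's indicators that this row matches (empty for a normal user)."""
    hits = []
    if RAW_MD5_HASH.match(user.password_hash):
        hits.append("raw-md5-password-hash")
    if user.email.lower() in SUSPICIOUS_EMAILS:
        hits.append("email-admin@localhost")
    if user.registered in SUSPICIOUS_REGISTERED:
        hits.append("registration-2010-03-01")
    if user.login.lower() in SUSPICIOUS_LOGINS:
        hits.append("generic-admin-login")
    return hits


def audit(text: str, baseline_logins: set[str]) -> dict[str, list[str]]:
    """Map login -> reasons for every row that is not in the baseline or matches an indicator.

    The baseline is the set of logins you reviewed and accepted last time the job ran;
    store it in a file next to the cron job and update it after each manual review.
    """
    findings: dict[str, list[str]] = {}
    for user in parse_users_tsv(text):
        reasons = indicators(user)
        if user.login not in baseline_logins:
            reasons.insert(0, "not-in-baseline")
        if reasons:
            findings[user.login] = reasons
    return findings


# Constructed sample export (assumed data, not from the thread, except the
# example hash 1c1df24b... quoted in the first post). Rows 3 and 4 mimic the
# injected accounts; rows 1 and 2 are ordinary phpass-hashed users.
SAMPLE_EXPORT = """ID\tuser_login\tuser_email\tuser_registered\tuser_pass
1\tcarsten\tcarsten@example.com\t2012-05-14 09:12:33\t$P$BqXf3hB9lQ1d1Z8vQd0yK4mN2pLr7Y0
2\teditor\teditor@example.com\t2013-02-01 14:00:00\t$P$B7sJ2kLm9Qw0eRtYuIoPaSdFgHjKl1x
3\tadmin\tadmin@localhost\t2010-03-01 11:06:24\t1c1df24bdf22b10fce4b2a5003bdbdfa
4\troot\troot@localhost\t2010-03-01 11:06:24\t5f4dcc3b5aa765d61d8327deb882cf99
"""
BASELINE_LOGINS = {"carsten", "editor"}

if __name__ == "__main__":
    for login, reasons in audit(SAMPLE_EXPORT, BASELINE_LOGINS).items():
        print(f"{login}: {', '.join(reasons)}")
```

The baseline comparison is what catches the next account even if the attacker changes the login name or timestamp; the indicator checks are there to triage the rows the baseline flags. Pipe the cron job's output into mail (or exit non-zero so the hosting panel alerts) whenever `audit()` returns anything, and extend the query to join wp_usermeta on `wp_capabilities` if you also want to flag role changes on existing users.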

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Try either http://wordpress.org/plugins/wp-security-audit-log/ or http://wordpress.org/plugins/sucuri-scanner/

    Both will give you an audit log, which also covers when users are added or removed.

  • The topic ‘admin user automatically added’ is closed to new replies.