WordPress.org

Ready to get started?Download WordPress

Forums

Help - I have a Mystery Admin Person (5 posts)

  1. cjh510
    Member
    Posted 4 years ago #

    After just reading the hacking Hack Warning - I'll be more on top of updates!

    My "User" accounts show 3 Admin users, 2 of them are me. The 3rd one does not show anywhere ... thus I can't delete it.
    Also there has been 4 "subscribers" added, and I'm not allowing subscribers, only admin can add subscribers.

    How can I delete this mystery admin person?

    The rest of my site looks ok. I'm concerned about the admin thing though because this Password was the same as my PayPal password, and my PayPal has fraud transactions in it.

    I have changed both my admin passwords - as well as my paypal Password (and no they aren't the same) but am thinking they got my email & just tried paypal and lucked out ....

    Thank you for your help!

    Cindy Holbrook

  2. @mercime
    Volunteer Moderator
    Posted 4 years ago #

    Yeah, you've been hacked. You should upgrade your installation to 2.8.4, there's been a lot of advisories about hackers getitng into older versions of WP. You would have to delete the unauthorized admin and subscribers via phpmyAdmin. First, back up your database. For good measure, export your XML as well for additional backup.

    Check out this tutorial on restting your password via phpMyAdmin to get a sense of the wp_users table looks like. Stop reading the instruction at Image #4 where you will see the other admin and illegal subscribers. So click on the X on the rows of unauthorized users (make sure you know that they are) and you will delete their info from your database. Right after that, upgrade to 2.8.4 ASAP.

  3. cjh510
    Member
    Posted 4 years ago #

    Mercime, Thanks for directing me to the link ...

    When I download 2.8.4 will it fix any issues that may have occurred?

    Cindy

  4. elizabethrichardson
    Member
    Posted 4 years ago #

    I've had the same issue with multiple sites.

    I went into php myadmin >> databases >> wp-users >> browse ... and was able to delete the extra users from there.

    I also found hacked php code in the 404.php page template andf archives.php page template.

    I removed the code and the bogus admin users before I upgraded. Seems to be fine now.

  5. elizabethrichardson
    Member
    Posted 4 years ago #

    To help clean your website after you've discovered an infection, I found it vital to do a MANUAL INSTALL of wordpress 2.8.4 instead of using the auto upgrade.

    Delete wp-admin and wp-includes (after taking backup copies of course) and do a fresh install with fresh files downloaded from here.

    Deleting and manually installing the theme files and plugins also highly recommended...especially with plugins that have image files or are money generating.

Topic Closed

This topic has been closed to new replies.

About this Topic