So I have a Wp site with about 50 users and over the weekend someone managed to change the username/login of every user to 'admin' All their other details stayed the same, but of course no one could log in.
I managed to fix it all by manually changing the database, but am wondering if there is hole somewhere or something I should be concerned about.
Im not aware of any way of changing those names through the admin panel, so am assuming it was directly done to the database. Seems a bit of an odd hack though, if they had access why did they only do that?
If anyone has any ideas about this Id love to hear them!