Questionable Login (4 posts)

  1. cinemacoma
    Member
    Posted 1 year ago #

    Our site was logged into using the username "wp-system". It's not one of our usernames, and I don't recognize the IP. Has anyone experienced this?

  2. bcworkz
    Member
    Posted 1 year ago #

    I assume you do not allow just anyone to register. Somebody was able to add the user by script; they picked an official-looking name hoping owners would think it's part of the system and leave it alone. Delete this user immediately. The larger issue is how was this user added and what else did they do with their access? Leave a back door?

    There are plugins and online scanners that help you locate malicious code. Find one and use it. Watch your site carefully for other signs of aberrant behavior.

  3. cinemacoma
    Member
    Posted 1 year ago #

    I looked at our list of users, and that name isn't listed. We have Wordfence installed on the site, so I ran a scan and deleted what looked like a suspicious file. Is there any way to prevent this from happening in the future?

  4. bcworkz
    Member
    Posted 1 year ago #

    Couldn't have logged in if not listed as a user. Perhaps they erased their tracks when they left? For good measure, change all your WP-related passwords and those of any other administrators. Be sure to use good strong passwords and store them securely. This is your best defense. Still, check out Hardening WordPress for good measure.

Topic Closed

This topic has been closed to new replies.
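
An added example, not part of the thread and not WordPress's own code: read-only MySQL queries that list accounts straight from the database, for comparison with the Users screen when a login such as "wp-system" appears in a log but not in the user list. It assumes a single-site install with the default `wp_` table prefix; adjust the table names and the `wp_capabilities` key if your prefix differs.

```sql
-- Added example. Assumes the default "wp_" prefix on a single-site install.
-- All statements are SELECTs; nothing here modifies the database.

-- 1. Every account in the database, newest first, with its role data.
--    capabilities is a serialized PHP array,
--    e.g. a:1:{s:13:"administrator";b:1;}
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
ORDER BY u.user_registered DESC;

-- 2. Only accounts that hold the administrator role.
--    Compare this list with the administrators you expect to exist.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 3. The login name reported in this thread.
SELECT ID, user_login, user_email, user_registered
FROM wp_users
WHERE user_login = 'wp-system';

-- 4. Metadata left behind by an account whose wp_users row is gone.
--    A normal deletion from the admin screen removes these rows too,
--    so any result here deserves a closer look. The session_tokens
--    key, when present, records the IP address and time of a login.
SELECT m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u
       ON u.ID = m.user_id
WHERE u.ID IS NULL
ORDER BY m.user_id, m.meta_key;
```

Run these from the `mysql` client or phpMyAdmin with an account that has only SELECT privileges, and keep the output with your incident notes before deleting anything.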
