WordPress admin password in free acces

  • Delagardi

    (@delagardi)


    7 years, 6 months ago

    Hi

    I have a site that was develop 2 years ago. Today some guy said me that admin access of my site are in free access.

    How it can be?

    Site was developed by one small webagency. I checked in DB wp_users and saw only one fake user added couple years ago (it seems for testing). I do not see my actual admin acces at this table.

    Where I can find it? Any search on DB by login name do not give me any results.

    Wordpress version is 4.5.15

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    7 years, 6 months ago

    What do you mean “in free access”? If you mean that the password is known, then change it to something stronger.

    Also, WP is at 4.9.8. You should consider upgrading.

    Thread Starter Delagardi

    (@delagardi)

    7 years, 6 months ago

    I mean that any can read and (maybe) change it.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    7 years, 6 months ago

    That seems unlikely, unless your site has already been hacked. Do you have any more details?

    Thread Starter Delagardi

    (@delagardi)

    7 years, 6 months ago

    I have admin access for this site but I cant talk with this guy. Maybe he want to blackmail me.

    What details would be usefull here?

    And, btw, I dont understand is this normal that at wp_users table in DB I cant see rows with my access?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    7 years, 6 months ago

    Install the plugin WordFence and do a “high sensitivity” scan. Does it report anything interesting?

    How are you looking at wp_users? Via PHPMYADMIN? You should be able to see all rows. One sign of a past hack is that there are rows in wp_users with unrecognized user names. Also, look for rows in wp_usermeta that have keys pointing to missing rows in wp_users.

    And, upgrade WordPress and all plugins and themes to make sure you’re on the most secure versions possible.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘WordPress admin password in free acces’ is closed to new replies.