Invisible Administrator Users?
-
I’m a VERY new and inexperienced user of WordPress. I use it for my small business website. My site gets hacked about every 3-4 months but twice in the past week. (!) I opened up the dashboard and looked at my user list and see that it only lists 2 users (both legitimate) but has a 5 in parentheses after All and Administrators as in this screen shot below:
Is this a problem?
-
Very well could be. I’d use phpMyAdmin to check out the wp_users table and see how many users are in it.
How have you recovered from being hacked? If you haven’t changed all your passwords and reinstalled your themes, plugins and WordPress files, you have probably left the hole they have been using open for them to waltz right back in.
Read this: http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Good catch noting the number difference. Look at the database wp_users and wp_usermeta tables for the three additional users.
I have no idea how to do that. Could you give me a little help?
It’s amazing what Google searches can find for you. This link is about how to add a password directly into the database: http://www.wpbeginner.com/beginners-guide/how-to-reset-a-wordpress-password-from-phpmyadmin/
Use the info to determine if there are users you didn’t add. If there are bad entries, remove them by doing the opposite of adding them.
Thank you very much for your help!
Did you find extra users you didn’t add?
Not that is obvious to a newbie like me. 🙁
Were you able to find the tables? The wp_usermeta is a little busy when you look at it the first time. But the wp_users is just like a spreadsheet; it should only have two lines in it. Those are your two admin users and you should recognize the data there. If there are more than two, then there is a problem.
There are only two users in the wp_users table, the same ones that are listed in my users list in WordPress, but there is a bunch of stuff in the wp_usermeta table that I don’t recognize.
Note the two user IDs from the wp_users ID field. Then look at the wp_usermeta user_id field. That column should only contain the same two user IDs. There will likely be several pages of information. Look through each page for any number but your two.
If you find any additional numbers, you can check the box and delete the row.
Let me know if you find any wrong numbers. I do this all the time, so if I didn’t explain something clearly ask me before you delete anything.
I’m about to go offline for a few hours. Even if you found nothing bad in the database, I may have some ideas about keeping your site more secure. Come back when you have the time and we can talk about it. There’s something wrong somewhere with your extreme number of hacks.
Also if you find nothing, maybe someone can tell us why the math is wrong in your user count.
Remember – before you make any changes to your database BACK IT UP. This way if you do something extremely bad, you can get back to where you are right now.
And go through the hardening process. If you have a way the hackers can get in and don’t plug it, you will be hacked again and again.
wslade,
I did find a very large number of lines in the wp_usermeta table that were neither of the two valid user IDs, so I deleted them. It worked! The user count is now correct. 🙂
juggledad,
This is the first time I’ve heard about hardening my website. Thanks for the tip! I did a Google search and found very many hits. Could you direct me toward where I should start?
Go back and look at my first post and follow the links.
Cool! You can’t call yourself a newbie anymore. Anyone who has poked around in the database is no longer a beginner.
I know you were asking someone else, but Wordfence is my plugin of choice to protect my sites. Install the plugin and then go to Dashboard > Wordfence > Options > “Scans to include” and put a check mark in every box in that section. Then run a scan. This is a great tool for everyday protection too.
With all the hacking activity your site has had, there may still be malware. Let me know if the scan finds anything.
The topic ‘Invisible Administrator Users?’ is closed to new replies.
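The check walked through in the thread (compare the user_id values in wp_usermeta against the IDs in wp_users) can be run as queries from phpMyAdmin's SQL tab instead of paging through rows by hand. This is an added example, not part of the original thread; it assumes MySQL and the default wp_ table prefix, so adjust the table names and the wp_capabilities key if the site uses a different prefix.

```sql
-- Added example: assumes the default "wp_" prefix (wp_users, wp_usermeta).
-- Steps 1-3 are read-only. Back up the database before running step 4.

-- 1. The accounts that really exist. Every row here should be one you recognize.
SELECT ID, user_login, user_email, user_registered
FROM wp_users
ORDER BY ID;

-- 2. Orphaned usermeta: rows whose user_id has no matching wp_users row,
--    summarized per user_id so a large table is readable at a glance.
SELECT m.user_id, COUNT(*) AS meta_rows
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE u.ID IS NULL
GROUP BY m.user_id
ORDER BY m.user_id;

-- 3. Role entries among those orphans. The meta_value shows which role
--    (for example administrator) each leftover user_id was given.
SELECT m.umeta_id, m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE u.ID IS NULL
  AND m.meta_key = 'wp_capabilities';

-- 4. After the backup, and after reviewing the output of steps 2 and 3,
--    delete only the orphaned rows. Rows for the valid users are untouched
--    because they join to an existing wp_users.ID.
DELETE m
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE u.ID IS NULL;
```

Re-running step 2 afterwards should return no rows; if orphaned rows reappear later, the entry point described in the hardening links is still open.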