Admin User Created automatically

  • Resolved raghavendra89

    (@raghavendra89)


    10 years, 7 months ago

    Hi,

    We are using Wordfence premium in 4 of our client’s sites.(Unfortunately I couldn’t get the Wordfence login details, otherwise I would’ve got the premium support).

    We are facing this strange issue. An admin user named dpr19 is automatically created in the WordPress. We also received this email from Wordfence:

    A user with username “dpr19” who has administrator access signed in to your WordPress site.
    User IP: 74.208.231.117
    User hostname: u17358566.onlinehome-server.com
    User location: Wayne, United States

    We tried adding the ‘dpr19’ to this list ‘Immediately block the IP of users who try to sign in as these usernames’. But it isn’t working.

    Any idea how this user is able to get into the site and add himself as admin user?
    Is there an option to block adding the user with admin rights? Also do you have any suggestion on how to solve this?

    Thanks,
    Raghav

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Plugin Author WFMattR

    (@wfmattr)

    10 years, 7 months ago

    This most likely means that you have outdated plugins, themes, or WordPress core files on the site, or insecure/compromised passwords on any part of the site (FTP, MySQL, the hosting control panel, etc.) If the user is still added when the IP address is blocked, the hacker is probably able to get to your database without going through WordPress, or they are able to add non-WordPress .php files that they can access directly — you may be able to find the php file they are accessing by searching for that IP address in your site’s access log. (They may use a different IP for that part though.)

    It can also happen if you have multiple sites on the same hosting account, and one of them is out of date, including if you have a test site, or an old version of the site that is still accessible from the internet.

    We have a guide to cleaning hacked sites with Wordfence here, which can also help you find the source of the infection:
    How do I clean my hacked site using Wordfence?

    -Matt R

Viewing 1 replies (of 1 total)

The topic ‘Admin User Created automatically’ is closed to new replies.