Support » Plugin: Wordfence Security - Firewall & Malware Scan » An admin user with the username ##### was created outside of WordPress.

  • Resolved Paligula

    (@paligula)


    Hi.

    In the scan results this morning I got this warning:

    An admin user with the username ##### was created outside of WordPress. It’s possible a plugin could have created the account, but if you do not recognize the user, we suggest you remove it.

    The admin user that the warning refers to is one that I created the night before using the WordPress Users – Add New. The username I created does not contain the words admin or administrator.

    Should I be getting this alert in scans for an Administrator Account I created?

    I thought this warning was only for admin accounts created by a plugin, in the database directly, or some other means? Not for admins you create manually using WordPress Add Users?

    If I ignore this warning, will Wordfence still warn me if an admin does get created by a plugin, etc.? Same for Marked as Fixed: if Mark as Fixed is selected, will Wordfence still warn me if an admin does get created by a plugin, etc.?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • I don’t believe WF is that specific… it’s quite likely that it simply checks the current Admin user list and compares to the Admin list from its last check and notes any difference.

    As their message says, if it’s a user you do not recognize, then you remove it – the implication then being that if you DO recognize the user, you can safely ignore the warning.

    Wordfence is not meant to replace you having to think about your website – it simply flags differences for you to note and then make a more informed decision about taking further action.

    You drive the tool, it doesn’t drive you!

  • Hi @paligula

    May I ask if you have any membership-related plugin? Any plugin that might perform actions on the users list you have on your website? I understand you have created this user manually, but any of these plugins might alter some of the users’ roles/permissions afterwards; just wanted to clear this assumption first. Otherwise, yes, you can ignore this issue if you do recognize this user and it won’t appear in the scan results again.

    Thanks.
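
Added example, not part of the thread and not Wordfence's code: the first reply guesses at a snapshot comparison of the administrator list, and the second raises plugins changing roles afterwards, so this sketch diffs two snapshots and tells a newly created admin account from an existing user elevated to admin. It assumes rows exported from `wp_users` joined to the `wp_capabilities` row in `wp_usermeta` (a PHP-serialized role array); the sample rows and function names are constructed for illustration.

```python
import re

# Constructed sample snapshots: (user ID, user_login, wp_capabilities meta_value).
SNAPSHOT_BEFORE = [
    (1, "siteowner", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "editor_amy", 'a:1:{s:6:"editor";b:1;}'),
    (3, "member_bob", 'a:1:{s:10:"subscriber";b:1;}'),
]
SNAPSHOT_AFTER = [
    (1, "siteowner", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "editor_amy", 'a:1:{s:6:"editor";b:1;}'),
    (3, "member_bob", 'a:1:{s:13:"administrator";b:1;}'),  # role changed
    (4, "new_admin", 'a:1:{s:13:"administrator";b:1;}'),   # account added
]

# One serialized entry per role: s:<byte length>:"<role>";b:1;
ROLE_RE = re.compile(r's:(\d+):"([^"]*)";b:1;')


def roles(meta_value):
    """Return the role names set to true in a serialized capabilities value."""
    found = set()
    for length, name in ROLE_RE.findall(meta_value):
        # Ignore entries whose declared length does not match the string.
        if int(length) == len(name.encode("utf-8")):
            found.add(name)
    return found


def admins(rows):
    """Map user ID to login for every row holding the administrator role."""
    return {uid: login for uid, login, meta in rows
            if "administrator" in roles(meta)}


def diff_admins(previous, current):
    """List administrator changes between two snapshots."""
    before, after = admins(previous), admins(current)
    known_ids = {uid for uid, _, _ in previous}
    findings = []
    for uid, login in sorted(after.items()):
        if uid not in before:
            kind = "role_elevated" if uid in known_ids else "new_admin_account"
            findings.append((kind, uid, login))
    for uid, login in sorted(before.items()):
        if uid not in after:
            findings.append(("admin_removed", uid, login))
    return findings


if __name__ == "__main__":
    for finding in diff_admins(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(finding)
```

A diff like this cannot tell how an account was created, only that the administrator set changed, so each finding still needs to be matched against changes the site owner made deliberately.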
