Support » Plugin: Wordfence Security - Firewall & Malware Scan » An admin user with the username … was created outside of WordPress

  • Herzog

    (@therewardboss)


    Hello,
    I got a warning that hundreds of users were created as Admin. Here’s the error message. I’ve checked there is still only 1 admin user (me), the rest are subscribers. I also spot checked some of the users were created last year (I get an email for each new user signup since there doesn’t seem to be a log in WP that captures the creation date).

    An admin user with the username […] was created outside of WordPress

    1) So, why does wordfence think it’s a new admin user (when there is no extra admin accounts)?
    2) How can I fix this? It doesn’t make sense to delete them since some appear to be real (and they are listed as confirmed so I think they went through the normal WP process).

Viewing 4 replies - 1 through 4 (of 4 total)
  • I’ve seen it happen when visitors are told to login to leave a post. Then they become a USER.

    Herzog

    (@therewardboss)

    Yes, users are required to register before they can post anything. That’s been this way for years and I never got a message that hundreds of admin accts have been created. I would be great if the author of the plugin could respond.

    Plugin Support wfalaa

    (@wfalaa)

    Hi @therewardboss
    Please go to (Wordfence > Tools => Diagnostics) and click on “Send Report by Email” button at the top of the page, you can send the report to “alaa [at] wordfence [dot] com”, make sure to include your forum username, I will take a look at this report and let you know my findings.

    Thanks.

    Herzog

    (@therewardboss)

    sent

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.