Support » Plugin: Wordfence Security - Firewall & Malware Scan » An admin user with the username […] was created outside of WordPress

  • I transferred the database + uploads folder from a staging server to production server and in Wordfence scans this issue is shown:

    An admin user with the username […] was created outside of WordPress

    Why does Wordfence detect this issue?
    Dismissing the issue as solved won’t prevent it reappearing in the next scan.
    Creating a new user and deleting the old one is too tedious/risky for me.

    How can I change the user/database to make the user legitimate?

    • This topic was modified 2 years, 8 months ago by strarsis.
Viewing 13 replies - 1 through 13 (of 13 total)
  • Hi @strarsis,
    How was this user created in first place? via normal WordPress Dashboard? I doubt it’s only the migration from a staging server to a production one caused this issue.

    Just a side note, if you want to ignore this issue in future scans, you can click on “Ignore this issue” not “I have fixed this issue”.

    Thanks.

    Hi wfalaa,

    it may be that also the password hash has been modified.
    Ignoring the issue would be an option – however, I would still prefer fixing the underlying cause. Is a mismatching hash causing it? Can I somehow recreate the user without risk?

    Thanks in advance.

    I think we need to know first if this user has been created with any other way than the default (WordPress > Users) page or not? like:
    – If you have any plugin that manage users?
    – Or if the user was created directly via the database?

    Finally, could you try to deactivate the plugin and re-activate it again then run a new scan? we have seen this worked on a couple of websites where -most probably- other plugins were the cause for this issue.

    Thanks.

    I’ve seen this happen on 2 of my sites in the same hosting environment. I have no idea how this happened. Not sure if this is needed by a plug-in or if it is a hack. Very disturbing.

    Interesting enough that the user ID was the same on both sites and no email address was in the user record.

    I just received this message today regarding one of my sites. The message claims that two of my users were “created outside of WordPress”.

    I created both of these users myself months ago in the typical way: Dashboard > Users > Add New.

    I also don’t want to just ignore this. Why did it happen?

    For me, this is a legitimate notification.

    I am working with a client who gave me access to the hosting account. I created a user for me via phpMyAdmin. I know it and the client knows it.

    The message always pop up. We would like the notification to be deleted forever – not just put on another tab. Can this be done?

    Herzog

    (@therewardboss)

    I just had this message. I have hundreds of “An admin user with the username xxxxxx was created outside of WordPress.

    There’s nothing I did recently and the users are ONLY created through wordpress.
    I double checked there is still only 1 admin user (me) and when I spot check a few of the names, they show up as subscribers. It’s giving me a critical warning.

    any advice?

    Herzog

    (@therewardboss)

    I’m not using that kind of plugin. I do have Easy Updates Manager but it doesn’t really work well I think b/c its on godaddy which blocks cron jobs. But EasyUpdates Manager doesn’t have anything to do with users.

    A remote management app needs to logon to do its work. I think that they create a user via permissions you grant when you sign up for the service. Ask the vendor.

    Herzog

    (@therewardboss)

    Even if you are saying that this easy updates manager is a “remote management app” which I don’t think it is, I got a warning of HUNDREDS of admin user accounts created. Not one. And those do not appear in WordPress as admin user accounts. I checked. There is only one admin account.

    Also I have this setup for over a year. No new plugins so if this plugin was the culprit, I would think it would trigger this warning sooner. Doesn’t make sense.

    As I said, I’m just guessing. I never figured out how it happened but I thought it had something to do with GoDaddy technical support and their external WP management console. I deleted all the “strange users”. I also had a plugin at one time that allowed people to create a user account via Facebook or Twitter social media. I did not like that and removed the plug in.

    It may be some vulnerability in a plugin that is being exploited. I require all new users to verify their email address or be approved by an admin depending on the site. I never allow unmoderated user account creation because of robot registrations and spammers.

    Herzog

    (@therewardboss)

    It’s not really practical to delete just those users that are listed in the email. I think it may be every user. I can’t look them up one by one and delete them. Now the site doesn’t really require you to sign in for anything except if to add some content, but most users just read the content, so not the end of the world I just feel like I’m throwing out the baby with the bath water.

    Further it’s confusing, wordfence say they have admin access but WordPress backend disagrees – they are just Users. That’s what’s really bugging me. Why does it say they are admin but they are not?

    Btw are you a user or part of the plugin support team?

    Just a user who had the same issue.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘An admin user with the username […] was created outside of WordPress’ is closed to new replies.