Prolet,
You can’t change the username unless you have a plugin that does it, or someone has access to your database and changed it.
Do you have any security plugins installed that may have changed this for you?
Thread Starter
Prolet
(@prolet)
Hi Ronald,
You are right, I didn’t change the username. I don’t have a plugin to do it and at least I will remember it if i did it 🙂
No, someone else did it. No idea how.
I am not aware of a plugin that can change the admin username.
In the mean time my host sent me an email to say there were a few illegal login attempts and attacks.
Also my FTP is off too 🙁 I can’t access it at all.
My plugins are:
Adminimize
Admin Toolbar Menus
Bainternet Posts Creation Limits
DP Article Social Share
EWWW Image Optimizer
Get page IDs
Paid Memberships Pro
PMPro Membership Manager Role
PMPro Roles
Theme My Login
User Role Editor
View own posts and media library items only
WangGuard
WP Backup Plugin
WP Facebook Open Graph protocol
WP Statistics
WP Super Edit
WP Symposium Pro
WP Symposium Pro (Extensions)
and today i installed BulletProof Security.
Well, I don’t want to try scaring you or anything, but it looks like you got hacked pretty good.
The fact that you can’t access your FTP means perhaps someone got in that way (or worse, has access to your hosting control panel). Once they get your FTP, they can get your database credentials, and then access your database to change your username. How did they get your FTP? Perhaps brute force, perhaps you connected to your site over public wi-fi… It’s a best guess thing at the moment.
You can follow these steps: http://codex.wordpress.org/FAQ_My_site_was_hacked
Run your site through here and see if there is any malware: http://sitecheck.sucuri.net/
The first thing I would do is contact your host and tell them you are locked out of FTP. They can guide you to ridding the errant account and creating a new one. Change every password you can think of to something very strong and impossible to guess (I use 1Password personally as my password manager).
Ask your host if they have any backups of your site and ask them to guide you from there (hopefully these backups are recent and before the possible intrusion).
Thread Starter
Prolet
(@prolet)
Dear Ronald,
Sorry for the delay in reply.
Unfortunately you were right.
All my 9 sites were hacked. I received an email from my hosting company to say that there were some “illegal attempts” to access my websites. The clean all of them was a nightmare.
I found out who the hacker is, but is that a helpful information? I don’t know.
I spent the last weeks to put a concrete firewalls around my websites. Before I felt secure with Wordfence Security but it turns out it is not so good.
I hope this nightmare will stay in the past and I will not experience it again. I wish the same to all wordpress site owners and developers!
Thank you for getting back to me and giving me directions!
