Support » Networking WordPress » Hidden Superadmin accounts following hacked site?

  • dgilmour


    My site was affected by the recent malware incident.

    While sorting that out I removed superadmin privileges until these accounts had passwords confirmed reset. During that, I notice that the count of superadmins displayed above the user list is 5, although only 1 superadmin account is listed.

    I am concerned this could mean that rogue accounts have been created and are being hidden in some way. Can anyone point me to a process for dealing this situation? I have a reasonable idea how the database tables work, but no idea how accounts can be hidden, or what to do about that.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Jackson


    When they insert the users into the DB, they sometimes include .js which can hide the row in the list of users. If you find superadmins in your user table that you did not add, I would treat this as a compromise and install fresh and restore from backups.

    You can use PHPMyAdmin to delete the users from the DB directly, and change your salts in wp-config.php

    Let us know how it goes.

    Also worth checking out is the excellent Exploit Scanner plugin.

    Andrea Rennick


    Customer Care at Copyblogger Media and Studiopress

    Yeah there was a hack going around on single sites that did the same.



    @jackson: I’d already done a fresh install, and was hoping to avoid having to restore from backups; I don’t know exactly when things were malware free, and it’s a busy site with approx 100 posts per day.

    Have used MySql command line to delete the excess superadmins. I used Andrea’s advice here to find out what to change:



    You should at a minimum, run Exploit Scanner, re-install your themes and plugins, and reset your MySQL db password and secure your wp-config.php file.

    Exploit Scanner will uncover some of the more common stuff.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hidden Superadmin accounts following hacked site?’ is closed to new replies.