Support » Fixing WordPress » I was HACKED – new user added as Administrator and Keymaster

  • I was working on my site over the weekend and noticed some linked text for an online casino inserted in the midst of some content on my homepage. I immediately deleted the block that contained this text. I think checked the list of users and noticed a new user (named Ann Smith with an e-mail like 11@11.com or something) that had Administrator and Keymaster roles (I think the Keymaster is associated with bbpress). I deleted this user right away, and have since changed the passwords for my hosting service and wp-admin.

    My question is this: how did this person get into my site and what do I need to do to make sure this doesn’t happen again? Also, I did not get notified that a new user was added, how do I make sure I get these notifications in the future?

    I keep my plugins updated, but at the time this happened I had not yet updated my theme (which is Make) because I had some coding issues I had to figure out. I have since handled that and updated my theme. I use a plug in called Clean Talk to handle spammy comments, etc., but is there something else I should be doing? I know my site was EXTREMELY vulnerable when this user was active and this could have been a much worse issue. Any help here is very much appreciated!!

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘I was HACKED – new user added as Administrator and Keymaster’ is closed to new replies.