Title: Login Alerts Last modified: August 24, 2016 --- # Login Alerts * [paulgul](https://wordpress.org/support/users/paulgul/) * (@paulgul) * [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/) * Over the last couple of days I’ve been receiving email alerts typically stating: A user with username “backup” who has administrator access signed in to your WordPress site. User IP: 92.62.129.97 User hostname: 92.62.129.97 User location: Republic of Lithuania The username is always Backup but the other details are the same. Does this mean someone has actually managed to login or is it an attempt to log in. I should say I am the only user of this wp site and I do not have the username “backup” I have now changed the login password * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 4 replies - 1 through 4 (of 4 total) * [johngubba](https://wordpress.org/support/users/johngubba/) * (@johngubba) * [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/#post-6175284) * I received the exact same email with the same User IP in Lithuania. I manually blocked this IP using wordfence – the free version. * This then reported to me: Republic of Lithuania Republic of Lithuania IP: 92.62.129.97[ unblock] [permanently blocked] Reason: Manual block by administrator Hostname: 92.62.129.97 No attempts have been made to access the site since this IP was blocked. 0 hits before blocked 0 blocked hits Permanently blocked * If it is correct that there have been no hits before blocked then the email from wordfence is either: incorrect or a rogue selling technique * anyone with any advice on this would be most welcome * [ryanlit5797](https://wordpress.org/support/users/ryanlit5797/) * (@ryanlit5797) * [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/#post-6175353) * Same thing here. It is happening to 3 of 3 wordpress installations (all have the current release of Wordfence installed). A new user created in each one. * A user with username “backup” who has administrator access signed in to your WordPress site. User IP: 92.62.129.97 User hostname: 92.62.129.97 User location: Republic of Lithuania * [WFBrian](https://wordpress.org/support/users/wfbrian/) * (@wfbrian) * [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/#post-6175365) * Hi all, * Have you all checked you WordPress users table? On a personal site, I experienced a hack where a new user was created and had to delete the user out of the table. * If a new user has been created, you’ll want to update all themes and plugins. * [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/) * Tips from WordPress Codex: [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked) * -Brian * Thread Starter [paulgul](https://wordpress.org/support/users/paulgul/) * (@paulgul) * [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/#post-6175406) * Hi Brian, thanks for the tip, on checking my user tables I found 4 entries that should not have been there all with admin rights, one of them was for user “Backup”. I have now deleted these entries. I’ll now check my site for any signs of hacking although a quick look yesterday didn’t reveal anything. Paul Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Login Alerts’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [alerts](https://wordpress.org/support/topic-tag/alerts/) * [attempt](https://wordpress.org/support/topic-tag/attempt/) * [login](https://wordpress.org/support/topic-tag/login/) * 4 replies * 4 participants * Last reply from: [paulgul](https://wordpress.org/support/users/paulgul/) * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/login-alerts/#post-6175406) * Status: not resolved