Maybe hacked? All user names changed to admin (6 posts)

  1. davidknight42
    Posted 3 years ago #

    Hi All
    So I have a Wp site with about 50 users and over the weekend someone managed to change the username/login of every user to 'admin' All their other details stayed the same, but of course no one could log in.

    I managed to fix it all by manually changing the database, but am wondering if there is hole somewhere or something I should be concerned about.

    Im not aware of any way of changing those names through the admin panel, so am assuming it was directly done to the database. Seems a bit of an odd hack though, if they had access why did they only do that?

    If anyone has any ideas about this Id love to hear them!


  2. WPyogi
    Forum Moderator
    Posted 3 years ago #

  3. ran32608
    Posted 2 years ago #

    Happened to me too. Twice. First time all user_login names were changed to "admin", second time all were changed to "jar"

    After the first time, I paid a security expert to thoroughly review my entire server contents and he said he found a bunch of malware, hidden shell scripts or something like that. A few days after that the second event happened, all user_login names changed to "jar".

    I don't know what to do.

  4. WPyogi
    Forum Moderator
    Posted 2 years ago #

    Sounds like whoever you paid didn't do a very good job of permanently fixing the problem. Was it someone reputable?

    Have you talked to your hosting company - in case the issue is on the server?

    Do you have a backup of your site from before this happened in the first place?

  5. ran32608
    Posted 2 years ago #

    Right, apparently not, but from what I've read, there are some clever hacks that hide code in very sneaky ways.

    I have backups.

    I will talk with the hosting company, see what they say.

  6. WPyogi
    Forum Moderator
    Posted 2 years ago #

    there are some clever hacks that hide code in very sneaky ways.

    Yes, that's definitely true, unfortunately.

    If you have a backup from before this happened you might want to restore from that and then make your site as secure as you can. Along those lines, see:



Topic Closed

This topic has been closed to new replies.

About this Topic