>> they even get the ‘administrator’ rights <<
Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
I’m not panicking 😉 just wondering how this is possible. iThemes Security is running, and there is not one page where it is possible to register new users, that’s what worries me. Also, I’ve now got 3 WordPress sites with the same problem since the last update, never had any problems with this since 2014.
You’ve been hacked. It may be that the hack is due to poor config on the host’s part or that you’re running (or ran) a vulnerable plugin.
You’ll need to clean your sites.
@jepe63 It looks like your problem is with the ConvertPlus plugin, I’d advise removing it or looking for a patch:
| [!] 1 vulnerability identified:
| [!] Title: ConvertPlus <= 3.4.2 – Unauthenticated Arbitrary User Role Creation
| Fixed in: 3.4.3
| – https://wpvulndb.com/vulnerabilities/9325
| – https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/
| – https://vimeo.com/339193628
| – https://www.convertplug.com/plus/version-3-4-3-security-update/
| The version could not be determined.