Possible vulnerability

WP 5.2.2

After installing WP and building our website, we started having a regular problem with someone hacking the site, stealing the User list (all 5), and other miscellaneous damage.

I could not determine how the hacker got in. The password is lengthy (24) and random. The ISP admins scanned for malware (found a couple minor ones, not this problem, though). Even after all of that, we could still be hacked.

I finally noticed that one admin account was always compromised: The one with a ID name of “0x1999”. (I do not recall how that came about.) It was always that account. When it was hacked, the userID and password were changed. After the last time it was hacked, I did not revert the userID to 0x1999; instead I chose an ID that started with a alphabetic character rather than numeric.

Since using the new userID, there has been no problem with security.

It could be that the hackers are simply no longer interested in our site given its paucity of marketable data.

Or, it could be a vulnerability in WP.

Has anyone else noticed this?