Support » Plugins and Hacks » Hacks » Questionable Login

  • Our site was logged into using the username “wp-system”. It’s not one of our usernames, and I don’t recognize the IP. Has anyone experienced this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)


    I assume you do not allow just anyone to register. Somebody was able to add the user by script, they picked an official looking name hoping owners would think it’s part of the system and leave it alone. Delete this user immediately. The larger issue is how was this user added and what else did they do with their access? Leave a back door?

    There are plugins and online scanners that help you locate malicious code. Find one and use it. Watch your site carefully for other signs of aberrant behavior.

    I looked at our list of users, and that name isn’t listed. We have Wordfence installed on the site, so I ran a scan and deleted what looked like a suspicious file. Is there any way to prevent this from happening in the future?

    Moderator bcworkz

    (@bcworkz)


    Couldn’t have logged in if not listed as a user. Perhaps they erased their tracks when they left? For good measure, change all your WP related passwords and those of any other administrators. Be sure to use good strong passwords and store them securely. This is your best defense. Still, check out Hardening WordPress for good measure.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Questionable Login’ is closed to new replies.