Title: reporting a hack (unauthorized user and posts) Last modified: August 20, 2016 --- # reporting a hack (unauthorized user and posts) * Resolved [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/) * Appears someone got past Akismet. Daily posts (basically ads) have been appearing on one of my blogs since March 21. Not related to the blog. * I got into WordPress to do some fixing and investigating, but it started spinning and spinning and doesn’t load any pages. Viewing 15 replies - 1 through 15 (of 20 total) 1 [2](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/page/2/?output_format=md) [→](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/page/2/?output_format=md) * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664656) * Are these posts or comments? Site url? * Moderator [t-p](https://wordpress.org/support/users/t-p/) * (@t-p) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664657) * review: * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) tutorial how to fix hacked WP blog: [http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/](http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/) * Then implement security tips of this guide to harden your WP installation: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) * [Malware Scan ](http://sitecheck.sucuri.net/scanner/) * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664659) * Posts. They somehow got a user account. I don’t recall approving them, but it’s possible. Am trying to get in there to see why I didn’t get pre-approval notices prior to all these posts. * Am going to go through records/emails to see if I can find some notice about when this user registered. * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664660) * I logged in to WP (really slow since 3.3.1) and went to Users and saw this user. Tried to go to Posts and Dashboard… and the blank page just spins and never loads. Can’t even get back to the Users page now. * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664662) * Then it’s likely that your site has been hacked. See t-p’s list of links above. * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664665) * URL is spotlighting . us * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664676) * OK, thanks! * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664685) * I remember a Users control somewhere. Was it under Settings? It’s not there anymore. * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664686) * There are some user controls in Settings->General – specifically: _Membership: Anyone can register New User Default Role * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664687) * In Settings, there used to be a way to require approval of any post prior to publishing. I thought this was under General or Writing, but those options aren’t there anymore. * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664688) * Thanks Esmi! I changed the Membership setting. (It was “Anyone can register”, so maybe this was the problem and I wasn’t hacked.) * I thought there was a way to always be notified when someone registered, but now don’t see that. * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664689) * No – they’ve been handled by the user roles for a long time. See [Roles_and_Capabilities](http://codex.wordpress.org/Roles_and_Capabilities). * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664690) * What was the New User Default Role set to? * Moderator [t-p](https://wordpress.org/support/users/t-p/) * (@t-p) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664691) * check admin>>>discussion * Thread Starter [wpbless](https://wordpress.org/support/users/wpbless/) * (@wpbless) * [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/#post-2664692) * The poster used an email address at a domain that is active. bill (at) thatdomain. com Viewing 15 replies - 1 through 15 (of 20 total) 1 [2](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/page/2/?output_format=md) [→](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/page/2/?output_format=md) The topic ‘reporting a hack (unauthorized user and posts)’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 20 replies * 3 participants * Last reply from: [wpbless](https://wordpress.org/support/users/wpbless/) * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/reporting-a-hack-unauthorized-user-and-posts/page/2/#post-2664844) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics