WordPress.org

Forums

Security question - extra users in DB? (6 posts)

  1. vmurygin
    Member
    Posted 6 years ago #

    Hi,

    I run a few blogs - and just now noticed a weird thing.

    I checked the wp_users table in the database for few sites and see that there are more users than you can see in the WordPress admin screen.

    Particularly, there is a user named 'WordPress' that has a register date of 0000-00-00 00:00:00. It seems to be like that on a few sites.

    Our sites have been hacked recently - although probably not through wordpress - but I'm afraid that these extra users were created by hackers so that they are able to log in, etc. And I wanna know if I should delete those extra users.

    Or is this normal and these are generated by WordPress and they need to be there?

    Thanks for your help!

  2. whooami
    Member
    Posted 6 years ago #

    Particularly, there is a user named 'WordPress' that has a register date of 0000-00-00 00:00:00. It seems to be like that on a few sites.

    Our sites have been hacked recently

    and youre still hacked, you were never un-hacked, if you still have that user laying around.

  3. vmurygin
    Member
    Posted 6 years ago #

    Sorry; I'm not entirely sure what you mean. Can you please elaborate like I'm a 2 year old?

  4. whooami
    Member
    Posted 6 years ago #

    like a 2 year old? a 2 year old wouldnt be admin'ing a web site, much less a "few".

    you

    are

    still

    hacked.

  5. vmurygin
    Member
    Posted 6 years ago #

    Thanks for your "help" and your presumptuous attitude. I never said that I was admin.

    I would really appreciate if anyone else can give any advice on what should be done in such case - should I remove those users? And if anyone else experienced something similar, etc.

    Thanks!

  6. whooami
    Member
    Posted 6 years ago #

    I never said that I was admin.

    yes, you certainly implied it:

    I run a few blogs

    Our sites have been hacked recently

    you have access to those blog's databases:

    I checked the wp_users table in the database for few sites ...

    --

    Moving on.

    I would really appreciate if anyone else can give any advice on what should be done in such case - should I remove those users?

    In the case of the user named wordpress -- Of course, you delete the user. C'mon. As for the rest, who knows, you dont identify them.

    And if anyone else experienced something similar, etc.

    Thousands.

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
    http://wordpress.org/search/hacked?forums=1

    There is a search box on every page of this site, in the event you missed it.

Topic Closed

This topic has been closed to new replies.

About this Topic