Title: Username has been changed
Last modified: August 21, 2016

---

# Username has been changed

 *  Resolved [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/)
 * I notice that my username has been changed. I am the only user, the administrator,
   the everything for this site. Today I tried to log-in and it failed. I was able
   to reset my password, but on the email it said my username was ‘admin’. It didn’t
   used to be ‘admin’. Someone or something has changed it.
 * My immediate thought was – bugger, hacked. However I can’t find any evidence 
   of a hacker. I have had a look around the directory tree of the server and can’t
   see any suspicious files. I also note that none of the web pages seem to have
   been tampered with. But I haven’t looked hard, and I know hackers can be careful
   about hiding and not being obvious. The problem with this is that changing my
   username is really obvious, so why would they do it?
 * Is there any reason my username may have changed that does _not _relate to being
   hacked?

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788844)
 * delete that user and create a new one with new username and pass.
 *  Thread Starter [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788860)
 * > delete that user and create a new one with new username and pass.
 * That doesn’t answer my question, which was this:
 * Is there any reason my username may have changed that does not relate to being
   hacked?
 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788861)
 * > Is there any reason my username may have changed that does not relate to being
   > hacked?
 * The only possibility is if there’s some rouge plugin or something in your theme
   that’s done that, but the chances of that are **very** remote. Those sort of 
   changes are just about always the result of a hack attempt of some kind.
 *  Thread Starter [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788862)
 * > The only possibility is if there’s some rouge plugin or something in your theme
   > that’s done that, but the chances of that are very remote. Those sort of changes
   > are just about always the result of a hack attempt of some kind.
 * Thanks for that clarity. It is what I feared. I have done everything within my
   power to ensure that this wordpress installation was clean and kept clean. I 
   don’t know what to do now : (
 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788863)
 * This is the “standard” list of resources that’s always posted on here, so I’d
   recommend that you do the same as everyone else is told to do, and go through
   these one-by-one.
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
   [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://www.studiopress.com/tips/wordpress-site-security.htm](http://www.studiopress.com/tips/wordpress-site-security.htm)
 * And remember… Just because your site got hacked, it doesn’t mean that it was 
   from a vunerbility on your site. Even though it is mostly the case, there are
   still times when it’s other accounts on a shared server that are compromised 
   and allow back-door access to your site and your databases. In the end it comes
   down to keepinng an eye on things and if things get to bad think about paying
   a professional firm/person to do the monitoring and virus removal.
 *  Thread Starter [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788864)
 * I really appreciated this seasoned advice.
 * I was so thorough in cleaning out the last time my site got hacked, and to find
   it cropping up again so soon, well my guess is that it might be a problem with
   my shared server. I’ll contact them, but am not hopeful that they’ll sort it 
   out. Cheap hosting has its downsides.
 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788865)
 * The times that I’ve seen it occuring over and over again were from a vunerbility
   in a 3rd party script that was used by the themes of the sites that were affected.
   The one that got these sites was the TimThumb script. Even the newer “secure”
   versions let hackers in because it was jsut not secure enough. I had to modify
   the themes on 5 websites to get rid of that script, and all calls to it, in order
   to get the sites working again without them getting hacked every 2-3 days.
 * If you get this happening often then I’d suggest switching back ot the default(
   and un-modified) theme and removing any plugins that are not 100% essential (
   and be very very ruthless on that front). If you use the basic WordPress core,
   the default themes and little or preferrably no plugins you’ll find that it will
   become a whole lot more secure.
 *  Thread Starter [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788866)
 * It seems like vulnerabilities are just everywhere. Pretty hard for non-experts
   to navigate.
 * My theme is based on thematic, which seems very well-kept and probably secure.
   After the time I’ve invested in theming [my site](http://oldmankit.com) there
   is no way I will go back to the default theme.
 * I do keep plugins to a minimum, but the thought of no plugins at all – wow, that
   is really minimal.
 * I’m considering changing my hosting, but there is always a chance that I will
   just be carrying security holes from one host to another!
 *  [Gene Robinson](https://wordpress.org/support/users/emhr/)
 * (@emhr)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788899)
 * Hi Kit,
 * I see two lapses in security on your site. You are exposing Apache index directory
   views and displaying errors on the server when an error is encountered. The problem
   with the first is that it exposes the contents of directories that dont have 
   index files. And the second exposes file paths on your server. Both can reveal
   vital information to a bot or hacker.
 * You can fix the first in Apache by make sure the indexes are turned off in the
   Options diective of your .htaccess file. Here is an example of an options directive
   with a no indexes setting:
 * `Options -Indexes`
 * and the second can be resolved by turning error display off in your wp-config
   file. look here for more on the wp-config file:
 * [http://codex.wordpress.org/Editing_wp-config.php#Configure_Error_Logging](http://codex.wordpress.org/Editing_wp-config.php#Configure_Error_Logging)
 *  Thread Starter [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * (@oldmankit)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788970)
 * Hi Gene,
 * It’s amazing of you to go to such lengths to help me secure my site.
 * Turning off directory listing was as easy as you suggested.
 * Error reporting is a bit harder.
 * I added this to wp-config.php:
 *     ```
       @ini_set('log_errors','On');
       @ini_set('display_errors','Off');
       @ini_set('error_reporting', 4339 ); //only log errors you will want to know about
       @ini_set('error_log','/home/myusername/logs/php_error.log');
       define('WP_DEBUG', false);
       define('WP_DEBUG_LOG', false);
       define('WP_DEBUG_DISPLAY', false)
       ```
   
 * I created the file /home/myusername/logs/php_error.log and gave it 600 permissions.
   How would I test that it is correctly logging to this file? It’s still zero bytes.
 * Kit

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Username has been changed’ is closed to new replies.

## Tags

 * [admin](https://wordpress.org/support/topic-tag/admin/)
 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 4 participants
 * Last reply from: [oldmankit](https://wordpress.org/support/users/oldmankit/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/username-has-been-changed/#post-3788970)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics
