Support » Fixing WordPress » Website hacked. User renamed to ''

  • Hi,

    I’ve been on Holidays for a few weeks. Returned and tried to log into my dashboard with no success. Did a password recovery thinking it was my faulty memory when I saw the username was ‘’. Managed to get in and change pwd, any new users added take on the same name.

    I’m reasonably new to this type of scenario and have spent the last 5 or so hours reading all over the place.

    Lot’s of great resources and I’ll follow them closely. My plan is to wipe the site and start a fresh install, then add my custom theme and a couple of plugins. Then beef up security based on things I’ve read.

    Can anyone shed any light on this ‘’ subject specifically. As in what are they trying to achieve, should I be looking for some sort of back doors? Anything specific to would be helpful


Viewing 3 replies - 1 through 3 (of 3 total)
  • Just another random hacker / spammer is all. Nothing particularly significant regarding that name.

    hello everybody

    Since 2 weeks ago, something very unusual happened to my 2 WP accounts, and I need to explain this in order to get to know if anyother person has been passing the same, or maybe it’s something new on WP…

    I used to have my “usernames” as “admin”… but suddenly on the login page they now appear as do you know why or what does this means?

    It doesn’t seems to be hacked, all the content and pages are working perfectly …

    Is there anyway to get the username changed to a new one by me??
    La Madame

    I’ve learnt a lot in a week…

    I recommend, lamadame, that you read through the appropriate hack documentation as found on You have indeed been hacked, and you’ll find all new users you add will take on this name (, you may also find a some of your functionality in the backend has vanished. Though I also could see no change on the front end of my site, I wasn’t taking any chances and stripped it back to nil and started over.

    I have much more secure and hardened sites now and there are a few things I was doing which I won’t do again.

    Don’t use ‘admin’ as your username, this opens you up to brute-force attacks. Also password strength is key for this, in fact a lot of hacks seem to happen this way. So firstly I would go ahead and change just about every password imaginable.

    Do make sure you’re themes, plugins and WP itself are all up-to-date. Don’t leave deactivated plugins or themes just lying around – remove them, they may pose backdoor threats.

    I’ve altered .htaccess files within root dir and wp-admin dir to deny many bad IPs. and; in my case I’ve allowed only my own IP access to wp-admin (may not be suitable for you).

    I’ve also installed the following plugins and am assessing their usefulness and stability as time goes on. These all came via strong recommendation, although I am suspicious on using so many security plugins:

    BackWPup (I receive an email backup, daily, of vital files)
    Exploit Scanner (this one will comb over your site and assess risks)
    OSE Firewall (has blocked some interesting attempts, I receive notification of anything untoward)
    Simple Login Lockdown (great for bruteforce attacks)
    WordPress File Monitor Plus (emails every time a file is changed, whether it’s me, automated, or nasty)

    I also recommend changing your database prefix from the default ‘wp_’ to something, anything, unique.

    All I can say is, backup everything you have now and get ready to READ READ READ… I feel much more confident now and may have omitted some of my steps from this post, the only way is to grow your understanding.

    Hope this helps. Good luck, mate.


Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Website hacked. User renamed to ''’ is closed to new replies.