WordPress unknown admin users.

  • Anthyx

    (@anthyx)


    10 years, 10 months ago

    Hi,

    I’ve just checked for active users for my wp site.
    Keep in mind than I’m the only user and I usually login with the account name “uxapp*****”.

    The users currently acrive are these, all with administrator privileges:

    admin
    admin26
    admin32
    administrator
    root
    uxapp*****

    Do you think this is correct? Is it possible tha my site has been hacked and these users are not default users but created “ad hoc”?

    I have currently installed Wordfence to protect my site: it informed me today that this night it has blocked many login attempts from China.

    Thanks a lot for your help.

    A.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Kailash

    (@kailash1)

    10 years, 10 months ago

    Yes, it is possible that your WordPress installation is hacked. There could be many reasons as follow:

    – Your FTP is compromised and someone uploaded script which can allow to create Admin user remotely (it is possible)
    – If your WordPress was hacked in the past, it is possible that it wasn’t cleaned properly.
    – There is a security issue with their party themes/plugins
    – Even if you have deactivated unwanted plugins, they may cause security issue

    Thread Starter Anthyx

    (@anthyx)

    10 years, 10 months ago

    Hi Kai,

    a few months ago, after I suspected to be attacked, I installed the wordfence plugin. I’ve used it to clean my site from possible malign code etc.
    Do you think this is enough and the users are just left-overs from the attack?
    What can you suggest me to fix this?

    Thanks a lot.

    A.

    Kailash

    (@kailash1)

    10 years, 10 months ago

    I suggest you to scan your entire account using ClamAV or maldet (if you are on Linux server). If you do not have access and you are on shared hosting, you may need to request to your host to scan your entire account.

    Thread Starter Anthyx

    (@anthyx)

    10 years, 10 months ago

    Ok, I’ve checked with the service provider and it seems that the account is checked for virus / malware every day.

    Now, I have these users:

    admin
    admin26
    admin32
    administrator
    root

    I’ve not created (I use just “uxapp*****”), can I just delete them?

    MBWD

    (@mbwd)

    10 years, 10 months ago

    Yes, you can delete them. And I would change your password again to be safe.

    Thread Starter Anthyx

    (@anthyx)

    10 years, 10 months ago

    Ok, I just did it.

    Many thanks for youe help!

    A.

    MBWD

    (@mbwd)

    10 years, 10 months ago

    Wordfence allows you to block anyone who tries to sign in with a username that doesn’t exist. I highly recommend that you enable that feature. Also, read this article and put it into practice so this never happens to you again: http://codex.wordpress.org/Hardening_WordPress

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘WordPress unknown admin users.’ is closed to new replies.