“logged in successfully as wp_update-17xxxxxx

  • Resolved gohanlover

    (@gohanlover)


    5 months, 2 weeks ago

    Hey guys,
    maybe someone can help me? I’ve been having problems since last October that every one to two weeks (at the latest) Wordfence gives me the message “”logged in successfully as “wp_update-1718073525”” and that the user was created outside. I also have what feels like thousands of people trying to hack into my site every day. And every time my website is gone when someone has managed to do it again and you are immediately redirected to a virus page when you go to my site and that is of course also super dubious for people who are coming on my website and and many people wrote to me about it. But I’m getting really fed up with having to check every day to see if there’s another user in there. I’m constantly changing my password, have tried so many “secure” themes, use no plugins (except Wordfence and one to allow cookies to be blocked) and keep everything to a minimum, have also paid attention to the xml-rpc thing etc. but I don’t know how and through what they get in every time, I’ve already blocked hundreds of people but have no idea what else to do. I have also rebuilt the website 3 times, deleted everything, nothing helps. I’m really desperate.

    thnx

    • This topic was modified 5 months, 2 weeks ago by gohanlover.
Viewing 2 replies - 1 through 2 (of 2 total)

  • Your site has been hacked, delete all admin users (“wp_update-xxx” and “deleted-xxx”), start a full detailed scan with wordfence and repair/delete everything you’ll find. (you’ll do this operation every week…)

    Activate 2fa for admin users and pray with us for a solution to be found.

    There is no efficient solution at this moment.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @gohanlover, thanks for detailing your issue.

    As @badream suggests, deleting the users and any other suspicious users with administrative access is a good place to start. We always recommend using complex unique passwords along with 2FA for your administrative accounts to be sure a malicious source isn’t logging in using a compromized account.

    As Wordfence runs when PHP runs, it’s possible for users outside of WordPress to have been created using a different method to just visiting your site in a browser. For this reason, we recommend updating the passwords for your hosting control panel, FTP, WordPress admin users, and database!

    Our site cleaning instructions will help you out: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    You can send suspicious files that you’re not sure how to deal with to samples @ wordfence . com. For security reasons, just remember to remove any passwords or keys/salts from any files you do send us.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful. Wordfence and other providers offer paid services to clean your site for you if you’re still having trouble.

    Thanks,
    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.