user_login suddenly changed to "1" on all users – hack or bug?

  • A few months ago I had some WP sites defaced by script kiddies, so I installed Better WP Security all over the place.

    In the past few days, I’ve tried to login to two of my sites, but mysteriously couldn’t get in. Checking things out with phpMyAdmin, I discovered that the username for all users had been changed to “1”. There was no other apparent damage on the site that I could find. I’m not sure when it happened – I hadn’t logged into either site in a few weeks.

    Any idea what is going on here? Is this some kind of odd hack (and how would I figure out what’s been exploited and how to block it), or could Better WP Security have mucked something up along the way, maybe something to do with changing the admin name or removing ID #1?

    One of the sites was on WP 3.5.2 and the other was on 3.5.1 but has since been updated.

    Thanks for any tips!

    https://www.ads-software.com/extend/plugins/better-wp-security/

Viewing 1 replies (of 1 total)
  • Thread Starter kstarcher

    (@kstarcher)

    Okay, the plot thickens.

    It’s now up to SEVEN of my sites that have had the user_login changed – some of them to “1”, but the others (alarmingly) to “admin”.

    I also have two sites that aren’t running Better WP Security… and NEITHER of them were affected. One of my sites that was affected had Better WP Security installed but not activated.

    I’ve changed the usernames again, but have no idea where this exploit could be coming from and how to prevent it. Does anyone have any suggestions? This is very disturbing.

Viewing 1 replies (of 1 total)
  • The topic ‘user_login suddenly changed to "1" on all users – hack or bug?’ is closed to new replies.