• Sarah

    (@sanfranista)


    My www.ads-software.com account was hacked, and the hacker changed the admin username and email address. My username (sanfranista) was relegated to a subscriber vs. the admin/author. Since discovering the hack, I’ve reset the passwords on both WordPress and Bluehost (my server), and I was able to change the admin email back to my own. However, I am unable to change the username back.

    So now, there are two admin users on my account, sanfranista (which is what my original username was), and suryanata (hacker/fake user). Suryanata’s account is listed as the author of all 203 of my posts. I want to remove this faux user, but I’m concerned that if I do, my posts and hard work will be deleted.

    Is there any way to take back over authorship of my posts and then delete this impostor? I asked Bluehost for help, but they were stumped about how this person was able to change the username in the first place.

    Thanks so much for your help!


Viewing 15 replies - 1 through 15 (of 33 total)
  • lisa

    (@contentiskey)

    Are you able to access the database via PHPMYADMIN in your Bluehost cPanel area?

    Thread Starter Sarah

    (@sanfranista)

    Thanks Lisa! Sorry if I’m a bit slow- I’ve been out of the WP world for a bit and am familiarizing myself again. I was able to log into WordPress via Bluehost and can view both users on there, as well as on WordPress. Is that what you were referring to?

    lisa

    (@contentiskey)

    I was referring to the actual database controlling most of the information for your WordPress site.

    Create a backup copy of database and all files before making changes.
    (ask bluehost if this is something included in your hosting plan)

    In your bluehost account you can get to the database.
    Ask the bluehost support team to guide you to the area PHPMYADMIN

    ultimate goal is to reduce permissions of “unauthorized” user to subscriber or no role

    let me know when you are able to get into the database so I can provide more guidance

    if you can get to the USERS area of your WP dashboard you can reduce the role of the “unauthorized” user
    if you are able to get to the area of your WP dashboard with all content listed, you can change the author of each post and page and custom post type.
    this article might be a helpful guide:
    https://www.wpbeginner.com/beginners-guide/how-to-change-the-author-of-a-post-in-wordpress/

    • This reply was modified 7 years, 2 months ago by lisa.
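
The database route described in the reply above (reassign authorship, then reduce the unauthorized account to subscriber), as an added example that is not part of the original thread. It assumes MySQL/MariaDB via phpMyAdmin and the default `wp_` table prefix; the two login names are the ones quoted in the thread.

```sql
-- Added example. Assumes the default wp_ prefix; check $table_prefix in
-- wp-config.php, because it also prefixes the two meta keys used below.
-- Export the database first, then run the whole script as ONE batch in the
-- phpMyAdmin SQL tab: the @variables do not survive between submissions.

-- 1. Inventory: every account, its stored role, and how many rows it owns.
SELECT u.ID, u.user_login, u.user_email, u.user_registered,
       m.meta_value AS capabilities,
       (SELECT COUNT(*) FROM wp_posts p WHERE p.post_author = u.ID) AS owned_rows
FROM wp_users u
LEFT JOIN wp_usermeta m
       ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities'
ORDER BY u.ID;

-- 2. Resolve both accounts by login name rather than hard-coding IDs.
SET @keep   := (SELECT ID FROM wp_users WHERE user_login = 'sanfranista');
SET @demote := (SELECT ID FROM wp_users WHERE user_login = 'suryanata');

-- The transaction only protects you on InnoDB tables; MyISAM ignores it.
START TRANSACTION;

-- 3. Reassign posts, pages, attachments and revisions to the kept account.
--    The IS NOT NULL guards make this a no-op if either lookup failed.
UPDATE wp_posts
   SET post_author = @keep
 WHERE post_author = @demote
   AND @keep IS NOT NULL AND @demote IS NOT NULL;

-- 4. Demote: WordPress stores the role as a PHP-serialized array.
UPDATE wp_usermeta
   SET meta_value = 'a:1:{s:10:"subscriber";b:1;}'
 WHERE user_id = @demote AND meta_key = 'wp_capabilities';
UPDATE wp_usermeta
   SET meta_value = '0'
 WHERE user_id = @demote AND meta_key = 'wp_user_level';

-- 5. Invalidate any sessions that account still has open.
DELETE FROM wp_usermeta
 WHERE user_id = @demote AND meta_key = 'session_tokens';

-- 6. Verify before committing: still_owned should be 0.
SELECT COUNT(*) AS still_owned FROM wp_posts WHERE post_author = @demote;
SELECT meta_key, meta_value FROM wp_usermeta
 WHERE user_id = @demote AND meta_key IN ('wp_capabilities', 'wp_user_level');

COMMIT;  -- use ROLLBACK instead if step 6 does not look right
```

If the role in step 6 is back to administrator after the next page load, something in the site's code is rewriting it, and the database change alone will not hold.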
    Thread Starter Sarah

    (@sanfranista)

    This is awesome, thank you Lisa! I’m downloading backups now and in the meantime will change the author of each post. I’ll write back again as soon as the files are downloaded- I have an old, slow computer, so it may take a few minutes. I so appreciate your help!

    lisa

    (@contentiskey)

    A similar thing happened to me and my ERROR was rushing to delete the unauthorized user—it deleted all posts wrongly “assigned” to the user.

    Getting a full backup created and saved remotely is great!
    Changing Authorship of posts/pages etc and reducing the capability of user is a good approach
    Get yourself fully set as administrator for all of the stuff.

    Thread Starter Sarah

    (@sanfranista)

    That’s exactly what I was afraid of! I hadn’t even thought about changing ownership of the posts. It’s going to take a few minutes, but SO worth it.

    I’m having some issues downloading a backup of the files, but hopefully I can get it going ASAP. I’ll write back as soon as it’s all set! Thanks so much.

    Thread Starter Sarah

    (@sanfranista)

    Hi Lisa! I’m having problems downloading a backup, but I’ve changed the authorship of all of my posts to sanfranista (my original admin). I tried to delete the other user, but I received this message:

    “You have specified this user for deletion:
    ID #1: suryanata The current user will not be deleted.
    There are no valid users selected for deletion.”

    Did you find a way around this?

    lisa

    (@contentiskey)

    having a backup is important. not sure what is creating the situation of not able to download the backup.
    https://codex.www.ads-software.com/WordPress_Backups

    if suryanata has the setting of the original administrator, it may be a challenge to make the changes to this user’s capability from the dashboard.

    sounds like sanfranista might now be an additional administrator

    is the unauthorized user’s email address still present in general settings or in the users area?

    you might find that changes will be possible if you are able to get to the database.

    is your email address listed in the general settings area?
    do not modify until you are sure that the “unauthorized” user is not going to get an email notification of the change or similar.

    Thread Starter Sarah

    (@sanfranista)

    Thanks Lisa! My “Home Directory” is downloading, but the page kept refreshing nonstop when I tried to download my website files. It might be an issue with the file size and having an older laptop.

    I was able to change suryanata’s email address to be my own, so they shouldn’t receive a notification. However, I think they installed a plugin that prevents me from removing them as an admin. It’s in my “must-use plugin” folder, and I’m not sure how to remove it (or if I should even try to do so, since I don’t have a backup yet). Is this something you’re familiar with? I’ve been searching like mad, but all I can find is how to create a must-use plugin, not remove (sigh).

    lisa

    (@contentiskey)

    When you look at the items in the “must-use” folder, what do you see?
    are you accessing your wp-content folder via FTP?

    Vaultpress, a paid service, might be a good idea for you for automated backups saved remotely.

    Thread Starter Sarah

    (@sanfranista)

    Good point for the backup. I have a friend downloading my file on a faster computer, but it looks like the slowness is from Bluehost’s end. I’ll make sure to get a backup though!

    That’s right- I went into the file listing via Bluehost, which is where I found the folder. There was an SSO file under the “must-use” folder, and from what I could tell, it was causing others similar problems. I deleted the SSO plugin, but I still wasn’t able to change the permission settings for the hacker user. I ran a security scan from another plugin, and it couldn’t identify any issues.

    Since I changed the password for the user and changed the authorship of all my posts to my username, in theory I should be able to leave it, but I’m uncomfortable knowing that it still has admin capabilities.

    lisa

    (@contentiskey)

    After securing a full backup–the next task is to remove/disable all remnants of the unauthorized user.

    other ideas:
    1-Hire a local reputable developer for an hour or two to help you get into the database to remove whatever is needed to disable access.
    2-Maybe there is a WordPress meetup group near you. At our local WordPress meetups, there is generally time available for getting help with site specific issues.
    https://www.meetup.com/wordpress-sf/

    Thread Starter Sarah

    (@sanfranista)

    This is fantastic, Lisa. Thank you so much! I really appreciate it.

    Thread Starter Sarah

    (@sanfranista)

    I’m also using Vaultpress now as you recommended!

    lisa

    (@contentiskey)

    Sarah–sounds like you are on the right track to get your situation in good working order. Best Wishes.

  • The topic ‘Account hacked; changed username’ is closed to new replies.