Admin password was changed

  • Has anyone experienced this before? I got a notification from Wordfence that twice someone from Germany had requested a password change for the above site. I didn’t worry too much as the email comes to me. However, I decided to sign in to make sure all was well, and my password didn’t work! I was able to request a password change and change it to a new password and I scanned it and found some back door trojan and deleted it. But I’m a bit freaked out how they were able to change the password.

    I’m glad I was notified and have access to the cpanel if anything had gone wrong and back up all my sites often. I’ve also tried hiding the login section but that didn’t slow anyone down from finding the admin username or the place they were to sign in either.

    How could they change the password without getting the email? Everything is up to date apart from the WordPress version, I’ve updated the theme and the plugins, I’m just waiting a week or so before updating WordPress as I have a lot of sites to do and I want to be sure that the plugins have had a chance to update and fix bugs.

    Is there another plugin I should be using on all my sites that is priced so I can protect all of my sites?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • lisa

    (@contentiskey)

    suggestion: can use check in the database to check on all users to be sure there are no unfamiliar users.

    Thread Starter germars

    (@germars)

    Hi @contentiskey Well, I’m the only user on this particular site. I did check the users from within WordPress when I got back in. Do you think there could be other users I can’t see if I go to the cpanel?

    Moderator Bet Hannon

    (@bethannon1)

    Since you are already running WordFence, consider turning on it’s two-factor authentication. That should prevent anyone from using your account to gain access.

    And the suggestion above is a good one: do check in the database for any addition users that may not be displaying in the dashboard. Look in the wp_users (or if you have a different prefix, xx_users).

    Thread Starter germars

    (@germars)

    Thank you both. What method do either of you use for the two-factor authentication?

    I did check the wp-users in the database and there is only my login, which is good.

    I guess I’m going to have to do this for all my sites, what a pain.

    Moderator Bet Hannon

    (@bethannon1)

    In a site with WordFence activated, visit your user profile, and down a ways is an option to activate 2FA.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Admin password was changed’ is closed to new replies.