Bot logging in as admin via admin-ajax.php

  • Resolved V.I. Wars

    (@vi-wars)


    3 years, 7 months ago

    So for a couple of days now I can see in your plugins Live Traffic that a bot (and once a human too) always registers/logs in as admin into my website with the same username and email all the time: ‘[email protected]’, using the admin-ajax.php file (https://www.dbgy.hu/wp-admin/admin-ajax.php).
    I don’t understand how can it do it when I have both registration disabled in WordPress General settings and set the default role for newly registered users as ‘Subscriber’.

    Besides this Wordfencce is showing no malicious code, no malware. It is just showing this admin user logging in. I’ve tried blocking the IP but the next day it logged in from a different IP address.
    Even though I delete the user the next day it comes back.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @vi-wars and thanks for reaching out to us!

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks again!

    Thread Starter V.I. Wars

    (@vi-wars)

    Hi Adam,

    I’ve sent the report.

    Thank you.

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending that!

    When this bot login in via admin-ajax.php, is this a known username for your site? and you mentioned it’s always the same?

    I am wondering if something is either being cached on your site or coming from the user who is attempting the login. Try to clear your cache plugins just in case its the server.

    Let me know what you find!

    Thanks again!

    Hi, I am having the same issue on a site I manage. The Scan has identified a user logging in via wp-admin/admin-ajax.php which I dont recognise. IT says it is a human. I have cleared the cache as per the recommendation above. Now sending email via Diagnostics.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Bot logging in as admin via admin-ajax.php’ is closed to new replies.