Dodgy User Admins created on compromised site

  • Resolved kristinubute

    (@kristinubute)


    3 months, 2 weeks ago

    HI

    So I notice that 1 or 2 usernames have been created on a client site that seems to be compromised.

    and wp-adminesr email: [email protected]

    Has anyone else come across these usernames as Admin? I have removed them, hopefully the don’t come back in, depending on what other files have been changed.

    I’m trying to do a full scan with Wordfence now.

    I assume they come in through an old wordpress plugin (I had WP Max Exectuion Plugin ) that I didn’t realise was obsolete. So I have installed Wordfence, scanned, and cleaning up, removed htaccess and added new etc.

    I’m assuming people have seen this dodgy usernames previously.

    I’ve already updated all plugins, removed the one that was obsolete that I didnt’ know about. Updated WordPress already, and configured Wordfence.

    I’m keeping an eye on Live fee also.

    Any other suggestions please?

    Thanks

Viewing 1 replies (of 1 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @kristinubute,

    If you’re able to log into the WordPress dashboard, please run a scan with Wordfence and use it to delete/replace any infected files. Scan with the High Sensitivity scan type for best results. You can update this setting at?Wordfence > Scan > Scan Options and Scheduling > High Sensitivity. Make sure to back up your site files before deleting anything.

    As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, all WordPress admin users, and database. Make sure to delete any suspicious-looking users with administrative access if you find any.

    You should also update all plugins and themes, and ensure that you’re running the latest version of WordPress core.

    We have the following checklist for site admins to clean sites:?https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful:?https://wordfence.com/learn/

    If you are unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Regardless of whether you choose to clean it yourself or let someone else do it, we recommend that you make a full backup of the site beforehand.

    Let us know how it goes,
    Margaret

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.

Tags