Hacked? Admin Accounts Created Without My Doing

If accounts are being added then your account has been hacked.

Start by removing all administrative accounts, except your primary one.

Then change your administrative account password, hosting control panel password, FTP password, and all email account passwords related to the website.

Use a service like Unmask Parasites to check the coding of your pages just in case.

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
Hardening WordPress
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Same with my sites!!! Just noticed the same admin account with the same email address, I googled “[email protected]” and reached here.

Please advice

@lavishdhand, why not try Esmi’s methods?

Hi,

Thanks for all the feedback. So before anyone was able to reply to the thread, here’s what I did.

-Removed all the admin accounts that I did not create
-Changed the passwords on my admin account, email associated with it, FTP account and hosting provider
-I did plug my site into Unmask Parasites and it said it was clean.
-I installed a security plugin (I was stupid to not do it before) to double check and add another barrier. It found suspicious coding on all of my sites, so I removed all the code.

Now I’m waiting and hoping this is the end of it. I’ll keep you posted.

Hang on, how did the hacker get into your code to begin with?
Surely you need to tackle that instead of removing the malicious code after the hacker gained access to your website.

@lavishdhand
Did they do anything to your sites? When did you notice these accounts created?

Hello @anevins Hello Everyone!

I sure am working as per the advice given however I’m curious to know is my website really hacked or is it wordpress. If my website is really hacked, how did this happen? How can I protect my other websites before it happens to them?

regards

@andrew
I’m not sure. I installed WordFence and it said it found “malicious” code on my site. I’m not sure if they put it there or if it was really malicious. I don’t even know where to start to investigate this stuff.

I just had it removed to be safe.

@lavish
I’m in the same boat as you. But I do know that one day the account wasn’t there and the next day the account was in my site.

I found it very strange and would doubt that WordPress would create these accounts.

WordPress did not create the accounts.

The email address is mentioned on this webpage http//bestteam-com-do/author/sysadmin/

Does someone find a clue out of this?

@lavish
The URL didn’t work for me. Can you resend?

I found the page. That is strange. I found their FB page as well and it mentions them as spammers.

Hmm.

https://bestteam.com.do/author/sysadmin/