• I recently noticed that new users were added to my wordpress sites (yes multiple sites) without my doing. They were also given administrator access and the email address for all the users is [email protected]. Unless I didn’t notice before, but does wordpress create these admin accounts by default? I wouldn’t think so? All my sites were on the same hosting service.

    Has anyone else experienced this? I deleted these accounts, then on one site the account reappeared again the next day. I called my hosting provider and they said my site looked fine. I plugged in my URL to other sites to see if I’ve been hacked and they all said my sites were fine.

    I’ve never seen these admin accounts from WordPress before, but if anyone else has experienced anything like this, I’d love to hear any feedback.

    Thanks in advance.

Viewing 15 replies - 16 through 30 (of 37 total)
  • Thread Starter nickda

    (@nickda)

    @lavish

    Did you find anything? I’m not sure what that site is you linked to. It appears they’re not longer managing their site.

    Hi!

    Even after deleting the hacker account “All Users” count is shown 4 while there are only 3 accounts that I created and after deleting the wrong account the total now should be 3 and not 4.

    Please see the screen shot : https://s14.postimage.org/c09x2usht/2013_03_09_174058.jpg

    I just noticed this today as well. Has anyone drilled down what this is? Is it new or just new to me?

    @twsimpson do you see same email address? WordPress experts / senior guys please we need your attention. Kindly guide us.

    @lavishdhand, I’ve had this case in year and a half ago. You might got a user with blank or white-spaced username, who is admin. This user is not displayed by the admin panel, but is available in the database. As I’m not sure of the reason it is not displaying, you’d better reinstall your WordPress (in order to remove any code changes in the Core) and then remove the odd admin user from the database (phpMyAdmin or something).

    Please tell me the version of your installation and keep me updated on this issue, as I’m curious if it’s exactly the same case as the one I had at the time! Good luck ??

    We’re not the only ones I find the discussions online : https://twitter.com/irsdl/status/310522692367429632

    @vloo it was the user that I deleted, the one that came up from no where. The username was ‘sysadmin’ and email associated was ‘[email protected]’. I am not sure how can I reinstall wordpress, mine is a MultiSite network – how can I go about a renistall?

    Automatic reinstalling of multisite is done through the network admin panel: https://yoursite.com/wp-admin/network/update-core.php

    I think it’s obvious that you’d better have a backup of all files and database tables for that.

    Good luck!

    Hello Vloo!

    As per your advice I have just reinstalled my wordpress, now I have a new problem. All my subsites in the Multisite network are missing their images. Every image is broken/missing, just the primary site’s iamges are fine.

    Example :
    The image is actually located at :
    https://www.MyPrimarySite.com/wp-content/blogs.dir/4/files/2012/10/image.jpg
    Wordpress is picking up the path as :
    https://www.MyPrimarySite.com/SubSite/files/2012/10/image.jpg

    Even the images I’m uploading now are not showing up.

    Please help.

    Usually after updating from the network admin, WordPress prompts you to update from your subsites, so if you haven’t done this, go to the admin panel of your subsites and probably it will ask you to update the db there too.

    If this doesn’t help (which is not likely to happen), most probably the best thing will be just to restore the site with the last backup before the update, and then compare the WordPress installation with a clean one, using software as WinMerge (for Windows) or Meld (for Linux).

    Keep me updated on the progress and I’ll help you if I can!

    You can write me privately on vlood.vassilev at gmail if needed.

    Hello All,

    My site was hacked. It appears they have access to my wordpress admin panel and I cannot log in. ( i had a company design my page) so I do not know the orignal user name or email they used to setup up my wordpress page which is asked for when I click “forgot password” via my wordpress control panel login.

    Any suggestions as to what I can do to get my control panel access back?

    Hi Vloo,

    There is no otion to update from subsites. I’ve restored the backup (one from before the update). Nothings worked out, I’m afraid that everthing is messing up and I’m losing this installation ??

    Starting up from the scartch is scary ??

    NOTE : I only have db back ups I never had files backed up.

    Hey, Finfan, in is not pretty polite to open a new topic in an existing one, as you are distracting the guys from the original one. If you need more people to see yours, create a separate topic!

    But anyway, if you got any access to your hosting account, use it to gain access to your WP – usually changing the email of user with id 1 in wp_users should allow you to reset their password and log in. But in what you are saying, it sounds like you actually got communication problems with the developers, don’t you?

    Yes, my bad, you did a reinstall, not an update, so you wouldn’t get update prompt for subsites.

    At https://yoursite.com/wp-admin/network/site-settings.php?id=2, where 2 is the id of the subsite, you got Upload Path, which is the option that should still point to your wp-content/blogs.dir/4/files folder. So this path should be in the settings and your subsites should be using in urls paths to images like https://www.MyPrimarySite.com/SubSite/files/2012/10/image.jpg

    Anyway, restoring a full db backup from before the reinstall should have fixed the problem, so probably something else is broken on your side. Btw, did you try regenerating the .htaccess file by saving again the current settings for the permalinks? Might help, eventually, as either WordPress or Apache should redirect https://www.MyPrimarySite.com/SubSite/files/2012/10/image.jpg requests to the physical path https://www.MyPrimarySite.com/wp-content/blogs.dir/4/files/2012/10/image.jpg

    I can’t help you more than that if you don’t give me any other clue, a login or at least a real url to check it out (you got my email in a previous response). I hope all this served you as a lesson not to mess with WordPress without having a proper FILES AND DB BACKUPS in advance, it is vital.

    So I just spoke to GoDaddy tech support and they are claiming that this is a non-issue created by WordPress. Any thoughts on this?

    Sounds more like “F you, we don’t really care about your minor security issues. Deal with it.”… I’d help ya if I had the access, but what seems to be at least as important as securing the site is changing hosting to a someone who cares about your well-being.

Viewing 15 replies - 16 through 30 (of 37 total)
  • The topic ‘Hacked? Admin Accounts Created Without My Doing’ is closed to new replies.