Hacked – New admin user occured
-
Dear forum users,
yesterday I looked on my websites (https://www.fitnesswarrior.de/) user list and found a new admin user with the following data:
Name: updater
Mail: [email protected]
Website: https://wordpress.com1When I noticed the new user my WordPress Version was 4.5. In the meanwhile I updated to 4.5.1.
My websites login is secured with google captcha, limit login attempts and of course I deleted the first admin user. The actual admin user’s got a name with combination of figures and letters. For published sites and posts I created new user accounts with only publisher rights, so that the admin is not revealed. I also ripped the author tags out of the output html code trough functions.php.
So I have no idea how the new admin user got there.
First thing what I did when I noticed was downgrading the new users rights to subscriber. After finished editing WordPress wanted me to give him a nicename, cause it was blank until this time.Then I installed WordFence and did a whole scan. The only thing I found was, that the readme files of some of my plugins are not up-to-date with the newest version of the plugin . (Does this hack prevent plugins from updating? Maybe thats why the user is called updater?). With “Unmask Parasites” and “https://sitecheck.sucuri.net/scanner/” nothing suspicious were found.
Now I wanted to look in the database since when the user is created and it has the absolutely same date and time as my administrator account.
Is there anybody out there who noticed the same as me?
What can I do to figure out where this comes from?
What should I do next?
Should I change the suspicious users password?
How can I check my WordPress has been really updated to 4.5.1 and not only changed its version number?Kind regards
-reeve90
- The topic ‘Hacked – New admin user occured’ is closed to new replies.