3. The login in question was only given “editor” role.
4. So how could this person or entity make their post appear to have come from “administrator” rather than themselves???
…they would have to take the manual step to attribute the post NOT to themselves but to another user. Am I correct in this analysis? Or is there a way for a program or entity to login and make a post attributed to someone else?
First, any program or script could do whatever any entity could do after first having been shown or told by an entity who knows how to do that.
I just temporarily changed an admin account to an Editor role and began editing a page as that editor, then looked to see what report was being shown to my regular admin account when I tried to edit the same page there also. The message displayed to my admin account at the page editor said “devimin2 is currently editing”, and devimin2 happens to be the display name set for that temporarily-an-editor account so its actual username never get displayed anywhere. As based upon that, I would guess the editor account that had been doing whatever at your site *might* have (or might have had) “administrator” as a display name since any entity could have made that so in order to deceive.
As an aside: During the above test, I found it interesting that an editor has just as much ability as an admin for hijacking a page being edited by someone else. I would have assumed one’s own knight could not trump its king.
…login (one that was set up at the request of my boss to allow a company that wants to take over my job to “evaluate” the web site).
I would have first made a new user role with permissions to see essentially everything but having no ability to edit anything. At one site I manage, I have not given even the domain owner an admin account. I hear people claim to have “accidentally” changed their URLs at the Dashboard, for example, but those alleged “accidents” are actually acts of negligence or ignorance (lack of knowledge) and I am not willing to unnecessarily expose a site to any such kind or type of “accident” even if only ever committed inadvertently or “innocently”.
https://www.ads-software.com/plugins/members/
