Scan for Users Created outside of WordPress

Hi, we have developed a plugin that allows an admin user with the role of 10 to change any of the users ID, this is for security measure, changing the default ID of 1 for admin etc.

Anyway the plugin works very well on standalone WP and with Jetpack, we have however done a lot of testing with Wordfence and found that if in options the – Scan for admin users created outside of WordPress – is ticked, and a scan is performed, it declares: An admin user with the username XXXXX was created outside of WordPress. We see this in the database under _wfIssues, when we select this issue is fix and do a rescan, the same issue pops up.

we have tried setting it to ignoreP & ignoreC and the “click here to clear all ignored issues” and we also delete the entry in the _wfIssues, but it still comes up on a re-scan.

Is there something we are missing in our plugin, we are changing the ID direct in the database as there is no function to do this within WordPress, is there some flag we need to set. We do understand why you do this as a security protection measure with SQLi etc.

If we set the issue to ignoreP or ignoreC and do a re-scan, it doesn’t pop back up on a re-scan. But stays in the Ignored list.

We where thinking we could scan down the list of _wfIssues find the db entry and set it to ignoreP and change the short/long text to identify this was changed with our plugin.

Any help on this would be great.

ps. plugin name is “User ID Changer” by us at interwebDEFENCE