SciPsy

Any vulnerable code in your web site may be exploited. Some time in 2014, I started receiving bounced e-mail messages saying that the recipient was not found. I found out that my website was being used as a spambot through a vulnerability in phpMyadmin:

Exploiting phpMyadmin: How to Get root in 15 Easy Steps
https://www.informit.com/articles/article.aspx?p=1407358&seqNum=2

Since my web site is mostly HTML, I removed all the PHP code, including WP. I then reinstalled WP, but I have never re-installed phpMyadmin.

I DID NOT add the “Google” user. If I had tried to add it, I would have had to supply a nickname and e-mail since they are mandatory. Google was probably added as an administrator user by an ancient version of WordPress, and it has been kept when I have upgraded to later versions.

During the setup of WordPress, there was a question about whether the contents of the blog should be indexed by Google. I answered “yes”, thinking that otherwise I would just be writing to the cloud and nobody else would ever find what I was writing.

https://scientificpsychic.com/blog/