[ad_1]
My security plugin sent a notification of an admin login today at 12:42. I immediately logged in and changed the user role and logged the intruder out, then blocked the IP and deleted the user account. I understand this exploit has happened in the past and was under the assumption it had been resolved. I logged in within 1 minute of the account creation, therefore no settings were altered and I still have control of my website.
I had the user role left at “default” in the registration settings. After the incident I changed it to “Subscriber”. The Ultimate Member registration page was the only page accessed as far as I can tell from the raw access log.