Fake admin accounts being created

**Here are some steps you can take to address the issue:**

**Change Your Admin Password**

Start by changing your admin password immediately. Choose a strong, unique password that includes a combination of letters, numbers, and special characters. Avoid using easily guessable passwords such as “password” or “123456.”

**Delete Suspicious User Accounts**

Review the list of user accounts on your website and delete any suspicious or unauthorized accounts that you do not recognize. Make sure to also remove any inactive or unnecessary accounts.

**Update All Plugins and Themes**

Ensure that all your plugins, themes, and WordPress core software are up to date. Outdated software can contain vulnerabilities that could be exploited by hackers.

**Run Malware Scans**

Use a reputable security plugin, such as **Virusdie** or **MalCare**, to run a thorough malware scan on your website. These plugins can detect and remove malicious code or backdoors that may have been added by hackers.

**Check for Backdoors**

Hackers may create backdoors on your website to gain unauthorized access. Inspect your website files and directories for any suspicious or unfamiliar files. Look for files with uncommon file names or file types, and delete them if they are not necessary for your website’s operation.

**Enable Two-Factor Authentication (2FA)**

Implementing 2FA adds a layer of security to your website. It requires users to provide a second form of authentication, such as a temporary code sent to their mobile device, in addition to their password when logging in.

**Secure Your Hosting Account**

Make sure your hosting account is also secured with a strong, unique password. Enable any available security features provided by your hosting provider, such as firewalls or IP blocking.

**Monitor for Suspicious Activity**

Regularly monitor your website for any unusual activity, such as failed login attempts or changes to core files. This can be done using security plugins or through server logs.

**Consider Professional Security Services**

If you’re still unable to identify and fix the issue, consider hiring a professional security service to conduct a thorough security audit of your website and server (with [**FixRunner WP Agency**]) I have great experiences).

**It’s important to be proactive and take steps to secure your website to prevent further unauthorized access.**

Remember to always keep your software up to date, use strong and unique passwords, regularly monitor your website for any suspicious activity and make backups (via your hosting and/or via backup plugins such as **All in one WP migration plugin**).

3 Comments

proyb2 says:
April 22, 2023 at 6:26 pm
Check your theme e.g. functions.php or other related files. Are those left behind by your dev or does not installed pirate or nulled plugins that could create backdoor?
ivicad says:
April 22, 2023 at 6:38 pm
**Here are some steps you can take to address the issue:**
**Change Your Admin Password**
Start by changing your admin password immediately. Choose a strong, unique password that includes a combination of letters, numbers, and special characters. Avoid using easily guessable passwords such as “password” or “123456.”
**Delete Suspicious User Accounts**
Review the list of user accounts on your website and delete any suspicious or unauthorized accounts that you do not recognize. Make sure to also remove any inactive or unnecessary accounts.
**Update All Plugins and Themes**
Ensure that all your plugins, themes, and WordPress core software are up to date. Outdated software can contain vulnerabilities that could be exploited by hackers.
**Run Malware Scans**
Use a reputable security plugin, such as **Virusdie** or **MalCare**, to run a thorough malware scan on your website. These plugins can detect and remove malicious code or backdoors that may have been added by hackers.
**Check for Backdoors**
Hackers may create backdoors on your website to gain unauthorized access. Inspect your website files and directories for any suspicious or unfamiliar files. Look for files with uncommon file names or file types, and delete them if they are not necessary for your website’s operation.
**Enable Two-Factor Authentication (2FA)**
Implementing 2FA adds a layer of security to your website. It requires users to provide a second form of authentication, such as a temporary code sent to their mobile device, in addition to their password when logging in.
**Secure Your Hosting Account**
Make sure your hosting account is also secured with a strong, unique password. Enable any available security features provided by your hosting provider, such as firewalls or IP blocking.
**Monitor for Suspicious Activity**
Regularly monitor your website for any unusual activity, such as failed login attempts or changes to core files. This can be done using security plugins or through server logs.
**Consider Professional Security Services**
If you’re still unable to identify and fix the issue, consider hiring a professional security service to conduct a thorough security audit of your website and server (with [**FixRunner WP Agency**]) I have great experiences).
**It’s important to be proactive and take steps to secure your website to prevent further unauthorized access.**
Remember to always keep your software up to date, use strong and unique passwords, regularly monitor your website for any suspicious activity and make backups (via your hosting and/or via backup plugins such as **All in one WP migration plugin**).
flexible says:
April 22, 2023 at 6:44 pm
Very curious that noone found anything. You can hire WordFence to do a clean up. It could be you have an old abandoned unpatched plugin or theme. But usually WordFence would alert you of this.

Plugins weg aus Backend nach Änderung Datenbank-Passwort

Moving Site and All Contents?