[ad_1]
Someone accessed my websites, not sure how they created new user, But it was in also visible on users >> profile section.
I checked everything and doesn’t seem anything tampered with, should I be worried or need to take any actions.
https://preview.redd.it/e8mw1y9awhdd1.png?width=2226&format=png&auto=webp&s=174925e201a5a97de60d00c89a5b79fb29bc9fa0
Also my website was constantly getting API requests from some bot. I have blocked it and enabled under attack mode in Cloudflare to make sure if it’s not some sort of DDOS attack.
https://preview.redd.it/mb9ngl7cwhdd1.png?width=2254&format=png&auto=webp&s=18236c938a6ecd0bee6e67c326a9aa570070f57d
[ad_2]
This might help it’s a collection of information from this vey sub https://wpappsec.org
If users are being created in your site then would will need to find and fix the root cause of the issue.
which host do you use?
While it doesn’t get to the root of how they are getting in to your site, you may want to consider using Cloudflare Access to add an extra layer of protection to your admin area. Then you are authenticating upstream of your application (WordPress), so if there are security vulnerabilities (now or in the future), the attacked still can’t get into your admin area.
[https://i.ibb.co/rcHDK4M/image.png](https://i.ibb.co/rcHDK4M/image.png)