As of today, I’ve been facing a very annoying issue on WordPress: an user X, called “wordpressauto” / “WordPress automatic” has been created, with a questionable e-mail, without any prompt.
To remove such user, and watch out for this website’s security I’ve tried the following:
– delete the user X (unsuccessful, it’s automatically created again)
– change user X permissions (unsuccessful, it would change soon after to the original admin role)
– change user X’s email and password, but not the username itself (successful, the user X is now under my own alt email and with a randomized password)
– delete user X after changing the credentials (unsuccessful, the new user X is made again as another iteration – this is confirmed as the user ID is increased)
– activate Wordfence (I now have better measures, but the user is created anyway)
The user X’s email is one noted on GitHub in a malware something list.
I tried searching a little about this, and found this could have been set as a function in a file. It was a “how to make” rather than “how to fix” info, though, and I’m still unsure on what to do to fix this breach.
If anyone has any insight on how to prevent this (probably malicious) unauthorized access to my website admin functions, I would really appreciate it.
[ad_2]
Are you certain it’s a breach? What server infrastructure are you on? Many hosts have required users added that can’t be deleted and will be automatically recreated.
I do this on my servers as well, if you have a site on my servers, my team needs access to support, so can’t be removed.
Are you using any sort of auto login function in any of your stack?