I have a WordPress site that is public-facing. Unfortunately, what I found was that this user for some reason had Editor privileges and was creating spam posts that looked legitimate, but had URLs that send to a spam website!
I already deleted the user and the post, but right now I am really curious: how did he have that access? How can a user get Editor privileges without an admin giving them?
A security vulnerability in some plugin, maybe? Or did someone leave a “backdoor”?
If you’ve ruled out any other administrator creating the user or approving a registration that assigns ‘Editor’ as the default role, there could be a variety of reasons for it occurring. This also assumes that no other party has access to the site and/or server, e.g. developers or system administrators.
1. Do you have a robust passphrase?
2. Is the site running the latest version of WordPress?
3. Are all the plugins up-to-date?
4. Do you have any security plugin installed?
5. If yes, are there any known vulnerabilities it has flagged?
6. If you are unsure, and the host you are with supports malware scans, are there any alerts or notifications?
7. Have you reviewed the logs?
Other things to look into:
1. Have you changed the password/passphrase?
2. Do you have pristine backups?
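A worked example of the “review the logs” step above, added here by the editor and not part of the original answer. It parses web-server access log lines in the common combined format and flags the requests that are most relevant to an unexplained Editor account: self-registration through `wp-login.php?action=register`, POSTs to the user/role admin screens, hits on the `/wp/v2/users` REST endpoint (username enumeration, or user creation if the caller is authenticated), direct execution of PHP files under `wp-content` (dropped web shells or a plugin file being exploited), and high-volume login or XML-RPC posting from one address. The log lines, IP addresses, paths and the 20-request threshold are all constructed for the example.

```python
import re
import sys
from collections import Counter, defaultdict

# Apache/nginx "combined" log format. Any line that does not match is skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (not real traffic): one address registers an account,
# logs in, edits a user and runs a PHP file under uploads; another enumerates
# users over REST and hammers xmlrpc.php.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:14:01 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:14:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:15:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:02:20:00 +0000] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 200 2210 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:02:21:12 +0000] "POST /wp-admin/user-edit.php?user_id=7 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:22:40 +0000] "GET /wp-content/uploads/2024/03/wp-cache.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:02:30:00 +0000] "GET / HTTP/1.1" 200 51230 "-" "Mozilla/5.0"
"""
# 25 XML-RPC posts from one address, generated to keep the sample short.
SAMPLE_LOG += "".join(
    f'198.51.100.9 - - [10/Mar/2024:03:00:{i:02d} +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "python-requests/2.31"\n'
    for i in range(25)
)

USER_ADMIN_PAGES = ("/wp-admin/user-new.php", "/wp-admin/user-edit.php",
                    "/wp-admin/users.php", "/wp-admin/profile.php")


def parse_line(line):
    """Return a dict of fields for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Tag one request with why it matters to an unexplained user/role change."""
    low, method = rec["path"].lower(), rec["method"]
    if method == "POST" and "wp-login.php" in low and "action=register" in low:
        return "SELF_REGISTRATION"          # open registration was used
    if method == "POST" and any(p in low for p in USER_ADMIN_PAGES):
        return "USER_ROLE_ADMIN"            # someone created/edited a user or role
    if "/wp-json/wp/v2/users" in low or "rest_route=/wp/v2/users" in low:
        return "REST_USERS"                 # enumeration, or creation if authenticated
    if method == "POST" and low.startswith("/xmlrpc.php"):
        return "XMLRPC_POST"                # only meaningful in volume
    if method == "POST" and low.split("?")[0] == "/wp-login.php":
        return "LOGIN_POST"                 # only meaningful in volume
    # PHP executed directly under plugins/uploads: a dropped shell or a
    # plugin file being exploited. Legitimate plugins can do this too,
    # so treat it as a lead to verify against a pristine copy, not proof.
    if rec["status"] == 200 and re.match(r"^/wp-content/(plugins|uploads)/.+\.php", low):
        return "DIRECT_PHP_IN_CONTENT"
    return None


def review(log_text, brute_threshold=20):
    """Return a list of findings; volume tags are collapsed per source IP."""
    findings, per_ip = [], defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        tag = classify(rec) if rec else None
        if tag is None:
            continue
        per_ip[rec["ip"]][tag] += 1
        if tag in ("LOGIN_POST", "XMLRPC_POST"):
            continue
        findings.append({"tag": tag, "ip": rec["ip"], "ts": rec["ts"],
                         "request": f'{rec["method"]} {rec["path"]} -> {rec["status"]}'})
    for ip, counts in per_ip.items():
        for tag in ("LOGIN_POST", "XMLRPC_POST"):
            if counts[tag] >= brute_threshold:
                findings.append({"tag": "VOLUME_" + tag, "ip": ip, "ts": "-",
                                 "request": f"{counts[tag]} requests"})
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in review(text):
        print(f'{f["tag"]:<24} {f["ip"]:<15} {f["ts"]:<28} {f["request"]}')
```

Run it against the real file (`python3 review_wp_log.py /var/log/apache2/access.log`, path assumed) and line the timestamps up with the suspicious account’s `user_registered` value in `wp_users`: a `SELF_REGISTRATION` hit means open registration plus a non-default role, a `USER_ROLE_ADMIN` POST from an address you don’t recognise means an existing session or cookie was abused, and `DIRECT_PHP_IN_CONTENT` hits just before the account appeared point at the plugin or upload to diff against a clean copy.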
You’ve been hacked. Install Wordfence and run a scan.
Changing passwords, updating plugins, etc. is fruitless – the hack has already occurred and your site is compromised.