Somehow my hosting has some malware. It jacked up several sites. I am working with Sucuri to get it fixed. One thing that is happening is that new admin users are being created. In settings, I don’t have the box checked to allow for membership/subscribers. I have changed passwords. All updates are run. I am not sure how they are creating the new users, as admins. Any other suggestions? Plugins to use, etc?
Appreciate any feedback.
>I am working with Sucuri to get it fixed.
Surely they will also fix this for you? There is likely a script being run either locally (PHP shell, possibly a cron, etc…) or there is something that is allowing remote code execution.
There was a vulnerability recently that when woocomerce and elementor were installed together it was causing this. But it’s been long patched. Could it be that?
Are you using Essential Add-ons for Elementor plugin?
Sounds like you’re getting hit with the Essential Addons security vulnerability. Lots of info available about it with a quick google.