WordPress security issue

Somehow my hosting has some malware. It jacked up several sites. I am working with Sucuri to get it fixed. One thing that is happening is that new admin users are being created. In settings, I don’t have the box checked to allow for membership/subscribers. I have changed passwords. All updates are run. I am not sure how they are creating the new users, as admins. Any other suggestions? Plugins to use, etc?

Appreciate any feedback.

  1. >I am working with Sucuri to get it fixed.

    Surely they will also fix this for you? There is likely a script being run either locally (PHP shell, possibly a cron, etc…) or there is something that is allowing remote code execution.

  2. There was a vulnerability recently that when woocomerce and elementor were installed together it was causing this. But it’s been long patched. Could it be that?

  3. Sounds like you’re getting hit with the Essential Addons security vulnerability. Lots of info available about it with a quick google.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer