Hi Leevioo,
Okay, so first advice is never use that developer again! Duh, right?
- Is this multisite, or a single installation?
- Are you sure you are an Administrator on the site?
My guess is that the developer either added a function to your theme, but more likely to a plugin that won’t permit this deletion, or is recreating a user.
I’d temporarily switch your theme to a default and try deleting the user again and see what happens. If it’s still recreated while using another theme, you know it’s not in the theme.
If the developer has ANY access to your hosting account (cPanel, FTP, SSH), change your passwords at least.
I’d look for any suspicious or custom plugins, or plugins in the MU (must use) folder and disable them. In fact, I’d probably disable all existing plugins and see if the issue still happens. If so, it’s likely a mod to your WP installation, or a plugin that’s in the wp-content/mu-plugins folder.
If you don’t find anything there and it’s still happening with a new default theme and with plugins disabled, I’d replace all of the core WordPress files (files in wp-admin and wp-includes, along with some in your root directory).
If you’re feeling adventurous code-wise, you might try downloading a copy of your site and searching across all files for a function like: wp_create_user, which the developer could be using, I suppose.
Some other thoughts
- Have you tried just changing his user permission level to subscriber?
- I’d look for a security plugin like iThemes Security or Wordfence, which may allow you to limit access to your site to specific IP addresses or even turn on two-factor authentication, in addition to offering a bunch of other security tightening options. Note: some features may be in their Pro plugins, but you’ll want to check it out.
Hope that helps!
