admin problem

  • Resolved flyfisher842

    (@flyfisher842)


    4 years, 1 month ago

    As the primary admin for a website I webmaster for, I logged in and edited the profile for our President to move him up to admin privileges. Wordfence has notified me 4 times now that this was done out of wordpress as found during a scan. I have marked it fixed 3 times. How do I stop the scan process from thinking this is a problem.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @flyfisher842 and thanks for reaching out to us!

    Could you show me the exact message you are getting? Once you get the message are you able to “Skip” this message?

    Thanks!

    Thread Starter flyfisher842

    (@flyfisher842)

    @wfadam Apparently the last time I clicked the fixed button and saved the changes, it worked. So that message about an admin defined out of wordpress is gone. Not sure why WF should have put up a message anyway.

    Just ran a new scan. Now I am getting messages about tinymce plugin being modified. Of course it was. I updated the plugin as requested.

    Modified plugin file: wp-content/plugins/tinymce-advanced/plugin-assets/tadv.css
    Type: File

    WF is running down thru each file modified. I fixed this yesterday by clicking the fixed button for each file. And now it too is back again.

    Probably tinymce has not updated the respository copy or wherever WF goes to get a copy to compare to what is on my site.

    • This reply was modified 4 years, 1 month ago by flyfisher842.
    • This reply was modified 4 years, 1 month ago by flyfisher842.
    Plugin Support WFAdam

    (@wfadam)

    Thanks for letting us know you resolved this @flyfisher842

    As for the TinyMCE scan messages, I have seen this a few times this week from other people. I had someone inform me that TinyMCE did a definitions update for security purposes and Wordfence is detecting those changes.

    For the best knowledge, I would check with TinyMCE just to make sure but these are most likely false positives.

    Let me know what you find!

    Thanks again for your support!

    Thread Starter flyfisher842

    (@flyfisher842)

    An admin user with the username XXXXXX was created outside of WordPress.
    Type: Unknown Administrator
    Issue Found 10/02/2020 2:17 pm
    High

    An admin user with the username xxxxxx was created outside of WordPress. It’s possible a plugin could have created the account, but if you do not recognize the user, we suggest you remove it.

    We are a membership website. As a full admin, I probably logged in on the front end and went to the dashboard, then escalated xxxxx privileges to admin from contributor. xxxxx is the club president and I do not understand why wordfence does not understand I have the authority to do what I did.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘admin problem’ is closed to new replies.