An admin user with the username […] was created outside of WordPress

  • I transferred the database + uploads folder from a staging server to production server and in Wordfence scans this issue is shown:

    An admin user with the username […] was created outside of WordPress

    Why does Wordfence detect this issue?
    Dismissing the issue as solved won’t prevent it reappearing in the next scan.
    Creating a new user and deleting the old one is too tedious/risky for me.

    How can I change the user/database to make the user legitimate?

    • This topic was modified 7 years, 11 months ago by strarsis.
Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi @strarsis,
    How was this user created in first place? via normal WordPress Dashboard? I doubt it’s only the migration from a staging server to a production one caused this issue.

    Just a side note, if you want to ignore this issue in future scans, you can click on “Ignore this issue” not “I have fixed this issue”.

    Thanks.

    Thread Starter strarsis

    (@strarsis)

    Hi wfalaa,

    it may be that also the password hash has been modified.
    Ignoring the issue would be an option – however, I would still prefer fixing the underlying cause. Is a mismatching hash causing it? Can I somehow recreate the user without risk?

    Thanks in advance.

    I think we need to know first if this user has been created with any other way than the default (WordPress > Users) page or not? like:
    – If you have any plugin that manage users?
    – Or if the user was created directly via the database?

    Finally, could you try to deactivate the plugin and re-activate it again then run a new scan? we have seen this worked on a couple of websites where -most probably- other plugins were the cause for this issue.

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘An admin user with the username […] was created outside of WordPress’ is closed to new replies.