• Resolved Anonymous User 14808221

    (@anonymized-14808221)


    Hi there, I am using WF since a long time and never had this warning before.

    So according the plugin 2 days ago (24th march) An admin user with the username XYZ was created outside of WordPress.
    Type: Unknown Administrator.

    XYZ is just a placeholder for my real username that I really do use on that site, I replaced it myself. The message of course holds my real Username.

    I have checked and I have no other user on that site with XYZ as username, obvious, since that’s me and I am the admin. So there could not be a second user with the same user name.

    Why is this message being pushed, and should we ignore it? I would consider this a bit alarming because users will “panic”, while there seems no reason to panic at all.
    Most of all I am confused why WF detects this to be happened 2 days ago while the site is years old and WF is installed on it since a good while now.

    Anything related to the update recently pushed?

    Would appreciate input on this, thanks.

    • This topic was modified 3 years, 8 months ago by Anonymous User 14808221.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @bedas and thanks for reaching out to us!

    The “admin created outside of WordPress” warning happens when Wordfence doesn’t have a record of the admin having been created. So this will happen either if the admin was created directly via the database as opposed to inside of the WordPress administrative interface or it can happen if Wordfence is deactivated while the admin is created.

    It is also possible that you have a plugin, such as a membership plugin or a plugin that syncs users from another system or even creates users in a non-standard way, which doesn’t run the usual WordPress hooks. If you have only seen this scan result for admin accounts in the next scan after you have created them, this may also be ok.

    If you want to avoid it you’d have to create the WordPress user inside of WordPress and while Wordfence is activated. If you know that you’ve created the admin it’s perfectly safe to “Ignore” the scan warnings.

    Just to be safe, I would ask your host if they see any admin accounts, outside of yours that can access FTP or the database on your site.

    Thanks again!

    Thread Starter Anonymous User 14808221

    (@anonymized-14808221)

    I am 100% positive no plugins are installed interacting with users, and also the Admin user is existing since the very first day.

    However the message popped up just recently.

    I will ask the Host/Server Admin if they see something, as far I see it is a false alarm, just wondered why all of a sudden…

    I will update here with what I find further.
    Thanks.

    Thread Starter Anonymous User 14808221

    (@anonymized-14808221)

    I thinks this is a false alarm, there are no additional FTP or SQL users I wouldn’t know of, and the admin user is mine, and is not corrupted either.

    Weird. Anyway, closing here.

    Plugin Support WFAdam

    (@wfadam)

    It could have been after a Wordfence or WordPress update as well that the database just overlooked. I would also assume this to be a false positive as its your username that was noted.

    Thanks again!

    I have also been getting a number of errors with “An admin user with the username <actual-legit-username> was created outside of WordPress.
    Type: Unknown Administrator” since these are legitimate users I made when WordFence wasn’t active (using Local by FlyWheel to do major upgrades on sites) I don’t need to see these “HIGH” alerts, yet when I tap “MARK AS FIXED” the problem seems to go away for a short while, but resurfaces again soon. Any reason why the “MARK AS FIXED” option is only temporary? THANKS! ??

    Same problem as @brucerawles – when I mark as fixed, the nag comes back.
    It’s a legit admin user.

    What can we do please?

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘An admin user with the username XYZ was created outside of WordPress.’ is closed to new replies.