• Hi,
    I have a website under WordPress and Enfold, protected by Wordfence to protect our website.

    Recently, I have a user that is being created automatically… I delete it… and the next day (or a few hours later) it is back in the users with administrator privileges.

    This user, named “Administrator”, uses as its email address: “[email protected]”!

    I also tried changing its password but it recreated itself, so I had 2 “Administrator” users… A little frightening!

    How can I block that? Where does this come from?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    This seems to be an active attack on WordPress setups, since there are other people claiming the same.

    The new user setup could be done via a vulnerable plugin allowing remote code injection.

    It is worth scanning the WordPress files (file system) to verify there is no malware infection in PHP files, and also trying to investigate the website access logs for suspicious HTTP requests.

    You can install an audit log plugin and wait for the next reinfection. Hopefully, this plugin will catch the reinfection source.

    One more comment,

    1 – please take care to update all your plugins, since there is a big chance the code injection is going via one of the installed plugins

    2 – reset all passwords you are using to manage this website (cPanel, WordPress admin and FTP passwords)
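
One way to do the access-log check suggested in the replies above, as an added example that is not part of the original thread: it lists the POST requests made in the minutes before the rogue account's creation time (the `user_registered` value in `wp_users`, which WordPress stores in UTC). It assumes the Apache/nginx combined log format; the log lines, IP addresses, timestamp and plugin path are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache/nginx "combined" log format is assumed; adjust the pattern otherwise.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec

def suspects(lines, created_at, window_minutes=10):
    """POST requests in the window leading up to the account's creation."""
    start = created_at - timedelta(minutes=window_minutes)
    return [r for r in filter(None, map(parse, lines))
            if r["method"] == "POST" and start <= r["ts"] <= created_at]

def summarize(hits):
    """Count (ip, path) pairs; compare the result across reinfections."""
    return Counter((h["ip"], h["path"]) for h in hits).most_common()

# Constructed sample: documentation IPs and a hypothetical plugin path.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2024:02:40:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2024:03:10:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2024:03:14:07 +0000] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 31 "-" "curl/8.0"',
    '198.51.100.23 - - [12/Mar/2024:03:14:08 +0000] "POST /wp-admin/admin-ajax.php?action=example HTTP/1.1" 200 12 "-" "curl/8.0"',
]
# Constructed creation time, as read from user_registered (UTC).
CREATED_AT = datetime.strptime("2024-03-12 03:14:09 +0000", "%Y-%m-%d %H:%M:%S %z")

if __name__ == "__main__":
    for (ip, path), n in summarize(suspects(SAMPLE_LOG, CREATED_AT)):
        print(n, ip, path)
```

Running it after each reappearance of the account and comparing the summaries shows which request recurs just before every creation, which points at the plugin or file to inspect.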

  • The topic ‘Automatic creation of user “Administrator”’ is closed to new replies.