• ranukaatt

    (@ranukaatt)


    Wordfence alerts us that a user was created outside of WordPress. When we investigated, we found that a user had been created without our authentication.

    Upon inspecting the site, we couldn’t identify any malware or similar issues.

    Here is the Simple History log.

    Screenshot: https://i.ibb.co/17gMvCH/BPA-User.png

    According to the log, do you have any idea how this account was created?

    The log indicates that it used wp_user, but there is no _server_http_referer.

    We would greatly appreciate it if you could help us identify how this account was created.

    Yes, we understand that this is beyond the scope of your support policy. However, as you are familiar with how the Simple History plugin works, we believe you may have better insights into this log than we do.

Viewing 1 replies (of 1 total)
  • Plugin Author eskapism

    (@eskapism)

    It’s difficult to say what happened. From the provided screenshot I can see that “_rest_api_request” is true, meaning that the user was probably created using the REST API. Also “initiator” is “other”, meaning that the function wp_get_current_user() did not return a valid user during the creation. Which is strange, I have not seen that before. That’s unfortunately all I can tell from the screenshot.

    If I were you I would get the server logs and see if they can provide more information about what happened around the time that the user was created. You should be able to see some more information about requests being made there. Good luck!
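
The server-log check suggested in the reply above, as an added example that is not part of the original thread or of the Simple History plugin: it scans a combined-format access log for REST API write requests near the time the user was created. The log lines, IP addresses, timestamp and the `example-plugin` route are constructed; `/wp/v2/users` is the WordPress core users endpoint.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?')

def rest_route(target):
    """Return the REST route a request addressed, or None if it is not a REST call."""
    parts = urlsplit(target)
    if "/wp-json" in parts.path:                      # pretty permalinks
        return parts.path.split("/wp-json", 1)[1] or "/"
    route = parse_qs(parts.query).get("rest_route")   # plain permalinks
    return route[0] if route else None

def rest_writes_near(lines, created_at, window_minutes=5):
    """List REST write requests within +/- window_minutes of the creation time."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT", "PATCH", "DELETE"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        route = rest_route(m["target"])
        if route is None or abs(ts - created_at) > window:
            continue
        hits.append({"time": ts, "ip": m["ip"], "route": route,
                     "status": int(m["status"]), "referer": m["referer"],
                     "user_agent": m["ua"],
                     # Core user-creation endpoint; plugin routes can also create users.
                     "core_users_endpoint": route.rstrip("/") == "/wp/v2/users"})
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical plugin route).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:03:14:07 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 512 "-" "python-requests/2.31"',
    '198.51.100.4 - - [12/Mar/2024:03:14:30 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:03:15:02 +0000] "POST /?rest_route=/example-plugin/v1/import HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '198.51.100.9 - - [12/Mar/2024:09:00:00 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 401 120 "-" "curl/8.4"',
]

if __name__ == "__main__":
    created = datetime(2024, 3, 12, 3, 14, 10, tzinfo=timezone.utc)  # time from the Simple History entry
    for hit in rest_writes_near(SAMPLE_LOG, created):
        print(hit)
```

A 201 response on `/wp/v2/users` is what a successful core REST user creation returns; any other route that appears in the window belongs to a plugin or theme endpoint and is worth reviewing as well.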

  • The topic ‘Simple History Log Explain’ is closed to new replies.