Unknown users starting with “cron”

  • Hello all

    A WordPress installation I have has around 130 unknown users whose usernames start with “cron” and continue with random numbers like:

    cron-4ba460059fd82f00acf2e54afc3b875a69782f45

    All these users have admin credentials so I’m concerned and deleted all of them.

    Is this a bug or a hack? If this is a known hack, does anyone have any information about how to keep safe? I have Wordfence installed and active, the regular “admin” user is not present in my WordPress and my server doesn’t have FTP enabled so only access to my server is by SSH which is also blocked to all IP addresses except mine.

    Thanks and have a great day!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Tellyworth

    (@tellyworth)

    It sounds like it could be a buggy plugin. Do you mind telling us what plugins you have installed besides Wordfence?

    Thread Starter lepistes

    (@lepistes)

    I only have Wordfence installed. I usually use this installation for development purposes and reset it to a fresh installation from time to time so it is usually empty.

    Please let me know if you need further information.

    Thank you

    I’m having the same issue. On at least 3 sites, the ONLY plugins installed are Jetpack and Wordfence. Each of my 88 sites, has 52 cron-xxxxxxxxxxxxxxx users.

    Thread Starter lepistes

    (@lepistes)

    So it may be a Wordfence issue? It seems to be the only common variable here. I don’t know if Wordfence needs to create admin users to perform some background jobs but if it is the one who is creating these users, it needs to remember cleaning up after itself :]

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Unknown users starting with “cron”’ is closed to new replies.