Sarah

Jeff, you are my hero. I just went into the cPanel and changed the username. Suryanata is no more! I also found out via Wordfence that were 29 login attempts to my site by someone tryin to use the username “admin”, and I’m assuming it’s the same person who started this trouble in the first place.

I haven’t run into the sitemaps issue–that sounds incredibly frustrating. I’m hoping someone here has run into that before and knows what to do!

Seconding Jeff’s suggestion, the only way I could initially get in was through the CPanel. If you’re not sure how to do so, call your hosting company and have them walk you through it- it was definitely helpful for me.

They were, however, at a loss as to how to change the username, which is frustrating. I still haven’t solved that one.

I installed the WordFence plugin for added security and also made sure that I had a backup of my site’s files in case this happens again. I feel like I should hire someone to look through all the code to see if there’s anything weird in there- has anyone had any luck doing something similar?

Thanks again to everyone for contributing to this thread- so helpful!

I’m so glad to hear from others about this (well, not glad for you, but glad to not be alone on this!). I feel like there has to be a way to change the username, since the hacker was able to do it in the first place. I’m going to research developers/troubleshooters and see if this is something that can be done.

Have you all had any issues with your other accounts being compromised, or attempts to log in from outsiders? I know I used my WordPress password elsewhere, and I’ve been changing my password and haven’t had any issues yet, but it could happen.

Hi Jeff! Thanks so much for sharing what happened to you as well. It’s so infuriating to have your site hacked, and especially to not be able to resolve the username issue. I haven’t found someone yet to fix the username problem, but if I do, I’ll share an update here. Have you had any luck since you wrote?

Thanks again!

I’m also using Vaultpress now as you recommended!

This is fantastic, Lisa. Thank you so much! I really appreciate it.

Good point for the backup. I have a friend downloading my file on a faster computer, but it looks like the slowness is from Bluehost’s end. I’ll make sure to get a backup though!

That’s right- I went into the file listing via Bluehost, which is where I found the folder. There was a SSO file under the “must-use” folder, and from what I could tell, it was causing others similar problems. I deleted the SSO plugin, but I still wasn’t able to change the permission settings for the hacker user. I ran a security scan from another plugin, and it couldn’t identify any issues.

Since I changed the password for the user and changed the authorship of all my posts to my username, in theory I should be able to leave it, but I’m uncomfortable knowing that it still has admin capabilities.

Thanks Lisa! My “Home Directory” is downloading, but the page kept refreshing nonstop when I tried to download my website files. It might be an issue with the file size and having an older laptop.

I was able to change suryanata’s email address to be my own, so they shouldn’t receive a notification. However, I think they installed a plugin that prevents me from removing them as an admin. It’s in my “must-use plugin” folder, and I’m not sure how to remove it (or if I should even try to do so, since I don’t have a backup yet). Is this something you’re familiar with? I’ve been searching like mad, but all I can find is how to create a must-use plugin, not remove (sigh).

Hi Lisa! I’m having problems downloading a backup, but I’ve changed the authorship of all of my posts to sanfranista (my original admin). I tried to delete the other user, but I received this message:

“You have specified this user for deletion:
ID #1: suryanata The current user will not be deleted.
There are no valid users selected for deletion.”

Did you find a way around this?

That’s exactly what I was afraid of! I hadn’t even though about changing ownership of the posts. It’s going to take a few minutes, but SO worth it.

I’m having some issues downloading a backup of the files, but hopefully I can get it going ASAP. I’ll write back as soon as it’s all set! Thanks so much.

This is awesome, thank you Lisa! I’m downloading backups now and in the mean time will change the author of each post. I’ll write back again as soon as the files are downloaded- I have an old, slow computer, so it may take a few minutes. I so appreciate your help!

Thanks Lisa! Sorry if I’m a bit slow- I’ve been out of the WP world for a bit and am familiarizing myself again. I was able to log into WordPress via Bluehost and can view both users on there, as well as on WordPress. Is that what you were referring to?

Thanks contentiskey! I’ll give that a try.

It’s the Fashionista theme by Athemes. I appreciate your help!

Hooray, thank you so much! Again, I’m sorry I missed these responses earlier.