Arizona WordPress Group Message Board › WordPress security question

WordPress security question

Marlon P.
user 8837714
Phoenix, AZ
Post #: 8
I maintain a WordPress site that has been hacked, recently having several unauthorized users added. The WordPress version is up-to-date, and the admin password has since been changed, and is very strong. However, I still find unauthorized users being added on a daily basis. The site is protected by Sucuri, and there has been no malware reported. Is there anyone who can offer any advice on where to go from here?

Thanks!
Brandy L.
TekGrl
Phoenix, AZ
Post #: 1
Hi - I hope that you have been able to resolve your issue, but if not I wanted to offer some assistance. Because the default user created by WordPress has the username "admin" and a database ID of 1, even a complex password paired with the username "admin" can be easily brute-forced. So, two suggestions:

1) Make sure you aren't using admin (or any variation of administrator or something easily guessed for your site) as your username. If you are, create a new administrative user with a unique username and delete the one with the username "admin".

2) You might consider a plugin like Better WP Security as it has a variety of tools to assist in securing your site. This plugin will let you rename a user with the username "admin" and will also change the database ID in addition to helping to secure other common WordPress vulnerabilities.
Carol S.
CarolStambaugh
Group Organizer
Phoenix, AZ
Post #: 41
Hi Marlon,

Haven't seen you in a while, I hope all is well. :-) Are the new users being added as subscription level (as WordPress defaults to), or are they being added at a higher user role capability? I get random users added at the subscriber level (kind of like spam comments). These are probably not going to cause any harm, but they annoy me and I delete them anyway. If you don't have a membership plugin installed, you can disable the ability for people to register for your site by going to Settings -> General and unchecking the box that lets people register. If this doesn't fix the registrations, then there may be a back door installed and my guess is that Sucuri should be able to help with that.

Good luck,
Carol
Carol S.
CarolStambaugh
Group Organizer
Phoenix, AZ
Post #: 42
Oh, and ditto everything Brandy said. :-)
Kyle T.
KyleTheisen
Chandler, AZ
Post #: 10
All good advice above; make sure to do all of those things, but I also recommend three more things.


  • Change your FTP password and remove any that aren't needed.
  • Change your database password.
  • Ask your host to scan for malicious files on your server.


Good luck.
Marlon P.
user 8837714
Phoenix, AZ
Post #: 9
Thanks to Brandy, Carol, and Kyle. I didn't realize that WordPress sites were under such aggressive attack right now, until this week! I don't use the "admin" user name, and have a very strong password, but the hackers are still getting in--I can't believe how they're so successful. I'll look into the plugin. Users are being added as editors, I believe. If they're being added at all, they must have administrator privileges. Sucuri has been very helpful, informing me of how to block unauthorized users' IP addresses. I'll change the ftp password, and will look into how to change the database password. THANKS AGAIN!!!
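
An audit of the two things this thread turns on, whether open registration is enabled and which recently created accounts hold more than the subscriber role, as an added example that is not part of the original posts. It runs against an in-memory SQLite database with constructed rows; the table, column and option names follow WordPress's default `wp_` schema, and `audit` and `sample_db` are hypothetical helper names.

```python
import re
import sqlite3

# Roles above the WordPress default of "subscriber".
ELEVATED = {"administrator", "editor", "author"}

def audit(conn, since, prefix="wp_"):
    """Return (findings, rows) for accounts registered on or after `since`.
    `prefix` is the site's table prefix from trusted config, not user input."""
    cur = conn.cursor()
    opts = dict(cur.execute(
        f"SELECT option_name, option_value FROM {prefix}options "
        "WHERE option_name IN ('users_can_register', 'default_role')"))
    findings = []
    if opts.get("users_can_register") == "1":
        findings.append("open registration is enabled (Settings -> General)")
    role = opts.get("default_role", "subscriber")
    if role != "subscriber":
        findings.append(f"new registrations default to role {role!r}")
    query = ("SELECT u.ID, u.user_login, u.user_registered, m.meta_value "
             f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
             "WHERE m.meta_key = ? AND u.user_registered >= ? ORDER BY u.ID")
    rows = []
    for uid, login, registered, caps in cur.execute(query, (prefix + "capabilities", since)):
        # Roles are stored PHP-serialized, e.g. a:1:{s:6:"editor";b:1;}
        roles = set(re.findall(r's:\d+:"([^"]+)";b:1;', caps)) & ELEVATED
        if roles:
            rows.append((uid, login, registered, sorted(roles)))
    return findings, rows

def sample_db():
    """Constructed rows in the layout of WordPress's options/users/usermeta tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_options VALUES ('users_can_register', '1'), ('default_role', 'subscriber');
        INSERT INTO wp_users VALUES (2, 'site-owner', '2012-03-01 10:00:00'),
            (14, 'newsfan22', '2013-04-20 08:15:00'), (15, 'qzx_editor', '2013-04-21 03:12:00');
        INSERT INTO wp_usermeta VALUES
            (2, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (14, 'wp_capabilities', 'a:1:{s:10:"subscriber";b:1;}'),
            (15, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
    """)
    return conn

if __name__ == "__main__":
    findings, rows = audit(sample_db(), "2013-04-01 00:00:00")
    for f in findings:
        print("setting:", f)
    for row in rows:
        print("elevated account:", row)
```

With `default_role` left at subscriber, the registration form alone does not produce editor accounts, so any elevated account in the output that the site owner did not create is worth tracing to how it was added.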