Since the past 3 days, I am seeing that every day a new user registers to my WordPress site. The default role is admin and it's very concerning. Their email ids are [email protected] and [email protected].
I have started using Wordfence and disabled Anyone Can Register in Settings > General.
Can you suggest me what additional shall I do?
Right now, I am manually deleting registrations.
Since the past 3 days, I am seeing that every day a new user registers to my WordPress site. The default role is admin and it's very concerning. Their email ids are [email protected] and [email protected].
I have started using Wordfence and disabled Anyone Can Register in Settings > General.
Can you suggest me what additional shall I do?
Right now, I am manually deleting registrations.
Share Improve this question asked Jun 16, 2019 at 2:28 Vaibhav SharanVaibhav Sharan 1 1- Hi Vaibhav! We don't cover security questions in this community. I recommend you talk with a WordPress security expert asap. This is not normal behavior for a WordPress site. – MikeNGarrett Commented Jun 16, 2019 at 22:12
1 Answer
Reset to default 0I suspect that there is malware files on your system that is allowing those user registrations. There are lots of googles/bings/ducks on how to clean a hacked system. (I use my own procedure here.)
What I would do is these things:
- change all credentials everywhere (hosting, FTP, admin etc)
- create a new admin user with a very secure password, log in as it (to verify it works), then demote the current admin user(s) to lowest level. Especially if your admin user is called 'admin'.
- disable xmlrpc.prg on your site (that can be a hack intrusion point)
- reinstall WP (use the Update on the dashboard).
- reinstall all theme from good sources via FTP. Do the same for all plugins
- Manually look at all files in all folders on your site for 'bad' files. Sorting by date helps, since you updated everything - all updated files should have the same datestamp, so unwanted files will stick out. Don't forget to look at all hidden files, including htaccess.
- look at generated source code of pages to ensure nothing funky in there
The site can be cleaned (I've done it, which is how I developed my procedure). But IMHO there is a strong possibility of malware code on your site allowing those registrations.