I've a question about user role in WordPress.
After new user already registered. They can access with superadmin and customer role.
They can access to /wp-admin/, create blog, etc..
For my understanding, new user should get only 1 role, such as "customer".
I tried to investigate in my website. All user were assigned 2 roles: "customer" and "superadmin".
I think my website has been attacked by hacker.
How can I block them and how can I fix the user role issues.
Thank you so much
I've a question about user role in WordPress.
After new user already registered. They can access with superadmin and customer role.
They can access to /wp-admin/, create blog, etc..
For my understanding, new user should get only 1 role, such as "customer".
I tried to investigate in my website. All user were assigned 2 roles: "customer" and "superadmin".
I think my website has been attacked by hacker.
How can I block them and how can I fix the user role issues.
Thank you so much
Share Improve this question edited Apr 12, 2019 at 11:50 fuxia♦ 107k39 gold badges255 silver badges459 bronze badges asked Apr 12, 2019 at 11:38 Seksit YathakarnSeksit Yathakarn 111 bronze badge1 Answer
Reset to default 0To restore super admin to just the admin username:
<?php update_site_option( 'site_admins', array('admin') ); ?>
Place a PHP file with this line in your /wp-content/mu-plugins/ directory and access any site URL. Once done you can delete the file.
Alternative you can edit the site_admins key directly in the wp_sitemeta table (but the first is easier as it will be serialized data.)
You probably want to check your default_role options also, as well as checking for other user role and capabilities in case they have been changed too.