My wordpress account was hacked
There are many things I am worried about everyday but I never thought I had to worry about having my WP account hacked.
I rarely post in the WA but I thought this one could be helpful in case you experience something similar.
So I logged in today and didn't see anything unusual. I closed my computer for dinner and just reopened it a few minutes ago to find this weird admin account. I normally only have 2 accounts and only use one of them for content creation.
The account shows right under my 2 accounts with 2 buttons:synchronize and login. I didn't click on neither of them (hell no...)
I was about to send a request to customer service whenI found this interesting post from Loes.
Here it is in case you are curious:
https://my.wealthyaffiliate.com/training/prevent-wordpress-w...
I've been using this theme found through WA for a year now and never experience any problems that suggested my account was hacked but who knows? I do have major problems in terms ranking for a couple of months now. I know this may not be in anyway related but a poor security design theme is surely not a good thing in Google's point of view.
Anyways, I deleted the hacker's and the unused admin account and reset my password.I must admit that it's pretty scary to know that someone was able to access the wp console and create an account with full adminsitraive rights...
I hope that's the only thing they did.
Recent Comments
8
Hi C, that's very strange indeed, I got an email stating I had another user in my WP account, so I signed in and there is another user totally unbeknown to me sitting under my name not sure about all this but I just deleted it.
Very strange Thanks, Shane.
Hi there, just to let you know, I've followed the suggestion from Marion and maybe you should have a look at it if you think your account was hacked.
You can read her comment at the top of this comment thread.
I've just installed wordfence security plugin and found some interesting pieces of information to fix my problem.
I hope it can help you protect your website as well!
All the best,
Hi Carolyn, I too followed Marion's advice and have fixed the breach. Thank you for your support,
Shane.
See more comments
There was a major security breach in the GDPR plugin which allowed bad actors to create admin accounts. They fixed it with an update within a day. Trouble is that some of us don't keep our plugins up to date. I check for updates every single day. Updates
Marion, thanks so much for your help.
I did have a new update for the GDPR plugin. I updated it after reading your reply last week. Everything was fine until today.
I had a bad surprise this morning, though: 2 new admin accounts created by total strangers...
I wonder if I should just uninstall the plugin and see if it seems to stops in a month or so.
What do you think?
Install Wordfence security plugin and run a scan. Your site was hacked before you updated the plugins and they left a back door open for hackers to come back. Don't let this happen to you
Thanks Marion, I do this right away!