Don't let this happen to you

Last Update: November 15, 2018

In the last few days I have seen reports of websites being hacked with new users being added with administration rights.

The issue was caused by a flaw in the GDPR Compliance plugin. The flaw was rectified very quickly and an update to the plugin is now available. But it's up to you as the website owner to update your plugins.

To check if your site has been hacked, go to Settings > General and make sure there's no tick in the Membership box for "Anyone can register". Also ensure that the New User Default Role is Subscriber.


If what you see is a tick in the membership box and the default user role of administrator then your site has been hacked.


How to Update

To keep your website up to date, follow the steps in this video

If you've been hacked

Go to Settings > General, take the tick out of the Membership box for "Anyone can register" and change the New User Default Role to Subscriber.

Next, go to Users > All Users and delete any users which should not be there. Then change your website passwords.
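The same checks and fix can be run from the command line, which helps when you look after several sites. This is an added example, not part of the original post; it assumes WP-CLI is installed as `wp`, and the function names are made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the two settings this post names, using WP-CLI.
# Assumes WP-CLI is installed as `wp`; site paths are passed as arguments.

# Classify the two settings. Prints a verdict; returns 0 only when safe.
assess_settings() {
  local can_register="$1" default_role="$2"
  if [ "$can_register" = "1" ] && [ "$default_role" = "administrator" ]; then
    echo "COMPROMISED"; return 2   # tick in the box AND role = administrator
  elif [ "$can_register" = "1" ] || [ "$default_role" != "subscriber" ]; then
    echo "REVIEW"; return 1        # not the state the post recommends
  fi
  echo "OK"; return 0
}

# Read the settings from one WordPress install and report on it.
audit_site() {
  local path="$1" reg role verdict
  reg=$(wp --path="$path" option get users_can_register)
  role=$(wp --path="$path" option get default_role)
  verdict=$(assess_settings "$reg" "$role") || true
  echo "$path: $verdict (users_can_register=$reg, default_role=$role)"
  # Always list administrators: an unwanted admin can exist with the box unticked.
  echo "  administrator accounts to review:"
  wp --path="$path" user list --role=administrator \
     --fields=user_login,user_email,user_registered --format=csv | sed 's/^/    /'
  echo "  plugins with updates pending:"
  wp --path="$path" plugin list --update=available --field=name | sed 's/^/    /'
  [ "$verdict" = "OK" ]
}

# Put both settings back to the values the post recommends.
# The plugin must still be updated, or the settings can be changed again.
reset_settings() {
  local path="$1"
  wp --path="$path" option update users_can_register 0
  wp --path="$path" option update default_role subscriber
}

# Audit every site path given on the command line (does nothing with no arguments).
for site in "$@"; do audit_site "$site" || true; done
```

Run it with one or more WordPress install paths as arguments; call `reset_settings` for a site only after you have reviewed the administrator list.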

When you keep your plugins, themes and WordPress up to date you will have fewer issues with security. I also recommend that you install the Wordfence security plugin and run regular scans to check for security issues.

Please do not ignore the signs that your website needs updates. Updates are an essential part of the process. We get new features and bug and security fixes frequently. And these are provided through the updates.

I check my website every single day to see what updates are required. I urgently suggest that you do the same.


Recent messages
affmrknowlge Premium
Thank you for the reminder that it is important to keep your plugins updated. The only problem with this is if you update your version of Wordpress some of your plugins may stop working. This is because the plugin creators haven't updated your plugins to work with the updated version of Wordpress.
Reply
MarionBlack Premium
It's a constant circle of updates keeping up with updates. If the theme and plugin developers don't keep up then it's a good idea to find alternatives.
Reply
affmrknowlge Premium
I agree. That is a good idea. The information you shared is very helpful to anyone that installed the GDPR plugin. Many people, and I know I would be concerned if hackers had got control of my website. I had my website hacked and there was nothing I could do but go into cPanel and delete the Wordpress files. I probably shouldn't have commented as it didn't help anyone when what webmasters needed was a solution to their problem.
Reply
LeeMcQuay Premium
Thank you very much Marion. We are so lucky to have you and Loes.

I completely missed this post and noticed Loes had posted about it.

I wasn't affected thank goodness, but I am sure those who were are greatly appreciative of you helping them.

You are always ahead of the game and looking out for all of us. Thank you again for all you do for us.

Lee Ann
Reply
PaulChatwin Premium
Thanks Marion,
I was struggling with what to do about this hack as Wordpress had warned me that something had added itself as a user. Simply deleting it wasn't enough. After following your advice I found the same admin hack on 3 websites and changed the settings plus updates as you suggested.
Hopefully sorted now.
Many thanks.
Paul
Reply
MarionBlack Premium
I'm glad you've got it all sorted now, Paul.
Reply
RobinHudson Premium
Hi Marion, I honestly don't check out many messages... Awesome job on your TITLE! :) I checked out what you brought to our attention and can't believe the number of names that were on my list! I checked off that box because I thought it meant people could subscribe to my list. Anyway, 30+ names were on!!! I always deleted their emails and thought that was the end of it. I followed your directions and want to say THANK YOU SO MUCH!
Reply
MarionBlack Premium
Thanks for the pretty picture 😊
Reply
sharoncl Premium
Thanks Marion, I did a post on this the other day. Only difference is my plugins are religiously updated and I had no out of date ones.

I have now installed the security plugin now though.
Reply
Ray619 Premium
Thanks for the info Marion you are super awesome and helpful
and that's why I followed you from the beginning here at WA,
I just did the update but everything was fine. I also checked General as well, all good and safe there. I have much respect for you, gbu and your family always.
Reply
KBean Premium
Hi Marion B. and thank you for your post about possible hacking. I thought that "Subscriber" meant someone was just using and signing into the site. I was wondering "why were new passwords being added", but as I'm new to websites, I guess I was wrong.

thank you very much,
Kevin B. "KBean"
Reply
taejoonsdad Premium
Sorry that happened to you Marion. You've been a big help to me, and with this info, continue to do so. Sucks when bad things happen to good people.

It's not much consolation, but everything does happen for a reason. I just hope this incident finds a good ending eventually.

Thanks for keeping us informed. Hoped they didn't mess up too much hard work.
Reply
MarionBlack Premium
It didn't happen to me because I'm always on top of updates and security. But I've read about it happening to a number of people here.
Reply
Chrissies Premium
I just checked, and although I had no tick in the membership box, there was a new admin called admin_update - I did not like the sound of that as I had never given any permissions, so I immediately deleted it. I hope that was the right thing to do.
Should I now change the password, if so, how would I do that please.
But when I checked another website, the same thing had happened and the box was ticked. Same user : admin_update@presale.com. So I guess I must work out how to change the password.
Thank you so much Marion :)
Reply
Chrissies Premium
Sorry Marion, I just reset my passwords, is that all I need to do?
Reply
MarionBlack Premium
No Chrissie. You MUST keep all your plugins, themes and WordPress up to date and install Wordfence. Without the updates the vulnerability stays there and can get exploited again and again.
Reply
Shwni Premium
Thanks Marion, and Loes for pointing me to this, I just checked my sites and thankfully they are all ok but I had to make sure as I had an unusual spike in my traffic stats here in WA the last couple of days and I'm not sure where it came from so it got me a bit concerned.
Have a look at the screenshot I just took, it's a huge spike in traffic out of the blue, weird!
Reply
shadonna Premium
Thanks, Marion a few days ago I noticed a new user on my account and deleted him however up till now I did not do anything else. I just looked and noticed I had the tick in the membership box and the administrator on, so I did as you said and will continue to monitor thanks so much, Shane
Reply
Freisia Premium
Thank you for some very timely advice Marion and to Loes for promoting this post.
We have been hacked big time recently and hackers are getting more sophisticated in how they work so yes we do need to stay on top of the management of our work and websites ensuring updates are constantly checked.
Reply
RDulloo Premium
Thanks for letting others know about it.

Happened to me and I immediately contacted site support. I can vouch that this is the exact same thing that happened and when they had unchecked the box for "anyone can register", everything went back to normal.

Thank God I caught it quickly enough, that there was no damage (as far as I can see right now) done to my website.

I actually found out about it because I received a notification in my email registered with WA that new users were added to the backoffice of my website, when I had added nobody. And nobody else has access to my backoffice either.

Check your emails regularly!! That's my advice. Else I would have never known about it.
Reply
MarionBlack Premium
Apparently, even changing that setting doesn't help because it gets changed again without your knowledge. You need to update the plugin.
Reply
RDulloo Premium
Thanks Marion.. :) I have updated it..
Reply
CheriJ1 Premium
I never got emails, but I did have this issue on one of my sites. Thanks to Tech Support for their prompt assistance and Marion's insights, the site is whole again. The damage and frustration spammers cause is horrid but the GOOD in this community is truly awesome! :)
Reply
DGArchitect Premium
I figured that one out after a while on my first website here at WA. This was before the GDPR came out. I believe it was checked on by default and I just never noticed until I started getting these new subscribers with weird email addresses. The domain names didn't make sense and looked spammy. Sure enough, I verified that they weren't legit and fixed the issue myself. I never had any problems after that.
Reply
NeptuneSiver Premium
Thank You another step to jump, These people who hack they are smart would think that they would have a money making website with No Problem, But they steal from others.
Reply
deelilah Premium
Thank you, Marion. I will check these things now.
Reply
HalimNajm Premium
Thank you Marion
Reply
Nancy29 Premium
Thanks for the information. I'm working on updating this afternoon and this is helpful.
Reply
GuyW1 Premium
That was something I was unaware of so have checked my settings.

Thank you for that important information Marion.
Guy
Reply
FKelso Premium
Valuable information. Starring this one.
Reply
DaveMG Premium
Thanks for this, Marion. 👍
Reply
MKearns Premium
Thank you for this great message, Marion. Security is on my mind today also!
Reply
CheriJ1 Premium
Excellent reminder for us all to remain diligent. Thank you, Marion.
Reply
lesabre Premium
Thank you Marion
Reply