Don't let this happen to you
Don't let this happen to you
In the last few days I have seen reports of websites being hacked with new users being added with administration rights.
The issue was caused by a flaw in the GDPR Compliance plugin. The flaw was rectified very quickly and an update to the plugin is now available. But it's up to you as the website owner to update your plugins.
To check if your site has been hacked go to Settings > General and make sure there's no tick in the Membership box for "Anyone can register". And ensure that the new user default role is subscriber.
If what you see is a tick in the membership box and the default user role of administrator then your site has been hacked.
How to Update
To keep your website up to date, follow the steps in this video
If you've been hacked
Go to Settings > General and take the tick out of the box for Membership Anyone can register and change the New User Default Role to Subscriber.
Next, go to Users > All Users and delete any users which should not be there. Then change your website passwords.
When you keep your plugins, themes and WordPress up to date you will have less issues with security. I also recommend that you install Wordfence security plugin and run regular scans to check for security issues.
Please do not ignore the signs that your website needs updates. Updates are an essential part of the process. We get new features and bug and security fixes frequently. And these are provided through the updates.
I check my website every single day to see what updates are required. I urgently suggest that you do the same.
Recent Comments
166
I figured that one out after a while on my first website here at WA. This was before the GDPR came out. I believe it was checked on by default and I just never noticed until I started getting these new subscribers with weird email addresses. The domain names didn't make sense and looked spammy. Sure enough, I verified that they weren't legit and fixed the issue myself. I never had any problems after that.
Thank You another step to jump, These people who hack they are smart would think that they would have a money making website with No Problem, But they steal from others.
That was something I was unaware of so have checked my settings.
Thank you for that important information Marion.
Guy
See more comments
Thanks for letting others know about it.
Happened to me and I immediately contacted site support. I can vouch that this is the exact same thing that happened and when they had unchecked the box for "anyone can register", everything went back to normal.
Thank God I caught it quickly enough, that there was no damage (as far as I can see right now) done to my website.
I actually found out about it because I received a notification in my email registered with WA that new users were added to the backoffice of my website, when I had added nobody. And nobody else has access to my backoffice either.
Check your emails regularly!! That's my advice. Else I would have never known about it.
Apparently, even changing that setting doesn't help because it gets changed again without your knowledge. You need to update the plugin.
Thanks Marion.. :) I have updated it..