Today, I found out that a new administrator has been added to my WordPress website. It uses the wadminw username with [email protected] email.
I tried removing that specific user but it just is recreated on my site after a day or two. Has anyone else had the same experience? Please help. Thank you.
I have been trying to clean this up too to no avail. What I did to try and avoid that same user to be recreated automatically by the malware/hacker is to delete it and create a new user with the same username but use a different email that you control. They shouldn’t be able to create the exact same username – hopefully.
That’s a viable idea. I just found out that the same user has been created again on some of my sites. Will do the same as you mentioned. Thanks for sharing your idea, bro. Let’s see if it works for me.
Hi, I just experience this on my sites as well. I have 2 that’s infected with this. The weird thing is that in WP-Cerber log, the account is created by my main Administrator account. So, it’s hard to block it as it seems done by the user account. I have tried changing my password and logging out from anywhere else, but did not fix the issue.
When the account is created, it installs random theme related to SEO. When I first discovered it, I found several folders in the “Plugins” folder randomly named – query-monitor, optxxx, zend-fonts-wp, seoplugins, etc.
I’m still looking for ways to stop this. Really annoying.
è successo anche a me.. come avete risolto?
Hi, like seogod mentioned, I deleted the user account wadminw and create a new account with the same name. Different password and different email. Also blocked using WP Cerber. This way, hopefully the malware won’t be able to create the same user account.
wadminw 삭제하고 다시 내가 wadminw을 만들었는데 다음날 이름을 바꾸어서 새로운 가입자가 생성되었습니다.
해결방법을 못찾겠어요. 도와주세요..
Try not to delete it. Just change the role from administrator to a subscriber, then change the password. If possible block it and log them out from anywhere else. It should be in the user profile setting.
Translation using Google Translate: 삭제하지 마십시오. 관리자에서 가입자로 역할을 변경한 다음 비밀번호를 변경하기만 하면 됩니다. 가능하면 차단하고 다른 곳에서 로그아웃하십시오. 사용자 프로필 설정에 있어야 합니다.