
advice Is this a WordPress hack?


Isac

Someone registered on my WordPress website shoutscoop.com, but as per my website's Membership settings, "No user can register". This is an email I got:


WordPress [email protected] via cp-in-10.webhostbox.net
to me

New user registration on your site Shout Scoop:

Username: odislav48

Email: [email protected]


.
.
When I opened my website and checked the users, I was shocked to see "he is registered as an Administrator". So I quickly removed him. I didn't understand what's going on?
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I mean how many names do you have built out in wp with your hosting account?
Access can be made through your cpanel, is there only one name you have developed in your cpanel?

I have opted for single-domain Linux hosting, which is shared hosting.
•••
But this is another one; you were targeted because of some security hole in your website or via some other website which was in the same network.

It's a different case, as @Isac has unchecked "Anyone can register". He is no way get any message again.


Honestly I don't really care that I got hacked atm, because I'm in the process of redesigning my website, and when I finish it I'll make sure it's secure as hell :)
•••
I think if the hacker had cPanel access, he could do whatever he wants, with no need to create a WP admin account and get noticed.

Most probably you have a backdoor in your WP code.

If you recently installed new themes or suspicious plugins, it may be hidden there and then called via URL to auto-create a new admin account.

This method does not use the registration interface and maybe could not be blocked by security plugins.

You'd better search all your site's .php files, especially functions.php, for that admin name and email.

Btw, the email used is from Ukraine and is flagged as spammy, so maybe sending spam emails from your account is the purpose of that account - check your sent mail too.
•••
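The search suggested in the post above (go through the site's .php files for the new admin's name and for code that creates admin accounts), as an added example that is not part of any post in this thread: a Python sketch that walks a WordPress directory and reports lines containing a given indicator or a call to `wp_create_user`, `wp_insert_user` or `set_role('administrator')`. The names `scan_php` and `demo` and the sample theme files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress functions that create users or change roles. Core defines and calls
# them legitimately, so hits matter most in themes and plugins (wp-content).
SUSPECT_CALLS = re.compile(
    r"\b(wp_create_user|wp_insert_user)\s*\(|set_role\s*\(\s*['\"]administrator['\"]"
)

def scan_php(root, indicators):
    """Return (relative path, line number, reason) for every hit under root."""
    root = Path(root)
    needles = [s.lower() for s in indicators if s]
    findings = []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            low = line.lower()
            for needle in needles:
                if needle in low:
                    findings.append((rel, lineno, "indicator:" + needle))
            match = SUSPECT_CALLS.search(line)
            if match:
                name = match.group(0).split("(")[0].strip()
                findings.append((rel, lineno, "call:" + name))
    return findings

def demo():
    """Scan a constructed two-file tree (sample content, not from a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "wp-content" / "themes" / "sample"
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php get_header(); ?>\n")
        (theme / "functions.php").write_text(
            "<?php\n"
            "// constructed sample lines for the scanner\n"
            "$id = wp_create_user('odislav48', $p, $e);\n"
            "$u = new WP_User($id);\n"
            "$u->set_role('administrator');\n"
        )
        return scan_php(tmp, ["odislav48"])

if __name__ == "__main__":
    for rel, lineno, reason in demo():
        print(f"{rel}:{lineno}: {reason}")
```

Hits inside wp-includes and wp-admin are expected, because WordPress core defines and uses these functions; compare those files against a fresh download of the same WordPress version instead of reading them line by line.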
Great advice from @barefooted, but it's gonna be tough to scan all those lines of code, unless you are a savvy coder and know what you are doing. Most probably someone has left a backdoor in a hacked plugin/theme you might have downloaded from "somewhere".

Deleting that user id is not gonna work unless you delete the plugin/theme itself. But deleting that itself might not work if the code might have injected itself into WordPress core files.

I have had this type of issue in the past. Since I am the paranoid type, I have almost always ended up reinstalling the core files. But there is one good habit that helped: I always have a backup of my DB. Also I mostly use plugins from the wp-repository only.

Good luck.
•••
You should change the administrator account's email and password, and be careful with plugins/themes; some are outdated and could be used to hack your website over and over.