Around 30% of the WordPress sites we receive these days have rogue WordPress users, and the hacking technique of creating rogue users on WordPress is spreading.

*The contents of this page were created based on the results of Sucuri’s survey
https://blog.sucuri.net/2024/06/2023-hacked-website-malware-threat-report.html

User IDs of unauthorized users created in WordPress

1. wp_update-random alphanumeric
2. wp-demouser-44
3. Test-random alphanumeric
4. wp-import-user
5. administratoirr
6. administratoir
7. wwwadmin
8. wpadminns
9. Sendsdesr
10. AdminZaxHH34
11. rxrhack133

In our experience, other common fraudulent username is ismm.

User email addresses of fraudulent users created in WordPress

The email addresses used by the above malicious users are as follows

1. wadminw@wordpress.com
2. 123@abc.com
3. email@email.em
4. support@wordpress.com
5. admin@gmail.com
6. wp-security@hotmail.com
7. wordpressuser@gmail.com
8. admin@admin.com
9. test@gmail.com
10. mail11@maill5.xyz

What to do if an unauthorized user is generated in WordPress

WordPress users can be found in the User List screen of the Administration page.

Generally, there are only a few administrator users at most, but check to see if there are any users with email addresses you do not remember creating. Check to see if there are any users with email addresses that you do not remember creating or that are not in use.

If an unauthorized user exists on your WordPress site, it means that a hacker can log in to your site with that user and do anything he/she wants, including altering the site content, modifying program files, and installing malicious programs.
Please back up your database and remove such users or change their passwords so that hackers cannot log in.

How do I eliminate the cause of the creation of an unauthorized user?

The creation of an unauthorized user means that the hacker has access to your site’s database and can write data to it.

The most common way to do this is to use a plugin that directly rewrites the database or some vulnerability in the theme. (Database rewritable vulnerabilities are rarely found, and most of them can only rewrite limited parts of the database.)

The most common scenario is that a vulnerability that allows file tampering or file installation is used to install malware files, and then an unauthorized user is written to the database.

It is therefore important to eliminate such malware called backdoors.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

After removing the malware, it is also important to close the vulnerabilities that allowed hackers to install malicious files on your site in the first place.

Reference page
5 Free WordPress Security Measures

Related Posts:

  1. IDs, email addresses of unauthorized users of WordPress
    One of the methods of WordPress hacking is for hackers to manipulate the database and add unauthorized users without permission. We recommend that you regularly check your WordPress account to ensure that no unauthorized users have been added to your account....
  2. What to do if there is a user 123@abc.com in WordPress that you don’t remember creating.
    User 123@abc.com, which you don’t remember creating in WordPress, is an admin user that hackers add illegally....
  3. WordPress outputting user login ID and ID number in JSON issue
    WordPress outputs user login IDs and ID numbers in JSON. Although this is a specification, it may make your site more vulnerable to hackers for security reasons....
  4. Check regularly for unauthorized users added to WordPress!
    This section describes the defacing of a WordPress site by adding an unauthorized user....
  5. wordpress Strengthen the security of your wordpress login.
    Take action before you become a victim of site defacement due to WordPress login privilege seizure. What if a login vulnerability allows hackers to seize administrative privileges? The most noticeable change is that the number of WordPress users increases without your permission, which means that hackers have taken over the administrative privileges of your site. By creating users, hackers can...
  6. Is it dangerous to install PHPMYADMIN in the same folder as WordPress?
    phpMyAdmin is a widely used database management system that allows you to view your database and make all possible edits and modifications in your browser, but it can cause security problems if it is installed in the folder where WordPress is installed. We will explain the reasons for this....