It would be very unpleasant if one day you suddenly find yourself on a WordPress site with only one administrator and multiple users have been added to the site before you know it. In this article, we will discuss possible reasons for the unintentional increase of users on WordPress and how to deal with it.
Why the sudden increase in users?
If you do not remember adding any users at all, 8 or 9 out of 10 WordPress administrator passwords have been compromised through hacking, and these new users have become a stepping stone for various WordPress tampering attempts (or have already been made).
If the WordPress site is in this state and you are able to edit themes and plugins from the administration screen, it is possible that the code has already been tampered with and is being used as a springboard for various hacking activities, such as spamming or misdirecting visitors to your site to other sites.
How to deal with it?
You can find out if your WordPress site has been tampered with online at sites such as Sucuri Sitecheck. You can also check for vulnerabilities on our WordPress diagnostic site.
If malware is detected or vulnerabilities are found, simply removing the increased number of users will not solve the problem, but will require removing all tampered files, updating the vulnerable WordPress itself and plugins, properly configuring permissions and installing security plugins, Various anti-hacking measures must be applied to the site.