One of the methods of WordPress hacking is for hackers to manipulate the database and add unauthorized users without permission. We recommend that you regularly check your WordPress account to ensure that no unauthorized users have been added to your account.


Be careful if unauthorized users are added!

If your WordPress site is redirecting to malicious sweepstakes sites or virus detection software, or if your search results are showing a large number of pages that you did not create, such as a large number of mail-order sites, you should investigate whether malicious users have been added to your WordPress site and remove them. In addition to malware inspection and removal, it is necessary to investigate whether any unauthorized users have been added, and if so, to delete them.

If hackers have added unauthorized users, they have hijacked the WordPress administrator privileges, and even if the malware is removed, they can log in as administrators and re-embed arbitrary code into the site to infect it with malware.

Commonly used rogue users

There is some pattern to the rogue users that hackers add.
The most common are,

The most common are users with random strings of user IDs and email addresses. If you find such an unidentified user, we recommend that you delete the user immediately.

In addition, the following types of unauthorized users are frequently observed.
Reference site
https://blog.sucuri.net/2023/04/hacked-website-threat-report-2022.html

Illegal user ID Incorrect user email We have found this in our company
Sendsdesr 123@abc.com Yes
AdminZaxHH34 wp-security@hotmail.com
Adminlin coderbruh@protonmail.com
wwwadmin gd_support@wordpress.org.com Yes
superuser support@wordpress.com Yes
rxrhack1337 email@email.em Yes
controllers mail@maill5.xyz
siteseomanager461 test@test.test
wp-system support@wordpress.org Yes

How to deal with unauthorized users

If a rogue user is simply deleted, hackers will not be able to log in with administrative privileges.
If you are unsure whether a user is a rogue user or not, you can change their password to make it impossible for them to log in.

If an unauthorized user has been added, it is highly likely that malware (a virus) has been embedded in the site, and we recommend that you investigate, detect, and secure the malware.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

Related Posts:

  1. What to do for your site users when WordPress is hacked, tampered with, or hijacked.
    This page explains how to respond to users (those who use the site) when there is a possibility of damage to users who visit the site, such as being redirected to another site, being sent to a sweepstakes site, or downloading malicious files due to WordPress tampering. This page explains how to respond to users (those who use the site)...
  2. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....
  3. Security measures for plugins, themes, and WordPress updates (updates) that are difficult to keep up to date
    Updating (updating) a WordPress site’s plug-ins, theme, or main body will overwrite the code, so it may be difficult to update if you have customized the site in any way. In addition, many sites have been stopped by their creators from updating their sites because of the possibility of malfunctions that may occur if the above mentioned updates are made....
  4. What is a WordPress Vulnerability? Explanation of PHP Program Vulnerabilities
    What are the vulnerabilities that are often mentioned when a WordPress site is tampered with or infected with malware (viruses)? In this article, we will discuss program vulnerabilities....
  5. WordPress Rarely, a redirect hack that sends the site to another site only from Google search results.
    This section describes a redirect hack that forces WordPress to go to a different rogue site only in rare cases (some patterns say only on smartphones) when jumping from search engine results, and explains how to deal with it....
  6. Passwords that should not be used in WordPress users
    This section describes the types of passwords that should not be used in WordPress....