One of the methods of WordPress hacking is for hackers to manipulate the database and add unauthorized users without permission. We recommend that you regularly check your WordPress account to ensure that no unauthorized users have been added to your account.


Be careful if unauthorized users are added!

If your WordPress site is redirecting to malicious sweepstakes sites or virus detection software, or if your search results are showing a large number of pages that you did not create, such as a large number of mail-order sites, you should investigate whether malicious users have been added to your WordPress site and remove them. In addition to malware inspection and removal, it is necessary to investigate whether any unauthorized users have been added, and if so, to delete them.

If hackers have added unauthorized users, they have hijacked the WordPress administrator privileges, and even if the malware is removed, they can log in as administrators and re-embed arbitrary code into the site to infect it with malware.

Commonly used rogue users

There is some pattern to the rogue users that hackers add.
The most common are,

The most common are users with random strings of user IDs and email addresses. If you find such an unidentified user, we recommend that you delete the user immediately.

In addition, the following types of unauthorized users are frequently observed.
Reference site
https://blog.sucuri.net/2023/04/hacked-website-threat-report-2022.html

Illegal user ID Incorrect user email We have found this in our company
Sendsdesr 123@abc.com Yes
AdminZaxHH34 wp-security@hotmail.com
Adminlin coderbruh@protonmail.com
wwwadmin gd_support@wordpress.org.com Yes
superuser support@wordpress.com Yes
rxrhack1337 email@email.em Yes
controllers mail@maill5.xyz
siteseomanager461 test@test.test
wp-system support@wordpress.org Yes

How to deal with unauthorized users

If a rogue user is simply deleted, hackers will not be able to log in with administrative privileges.
If you are unsure whether a user is a rogue user or not, you can change their password to make it impossible for them to log in.

If an unauthorized user has been added, it is highly likely that malware (a virus) has been embedded in the site, and we recommend that you investigate, detect, and secure the malware.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].