User 123@abc.com, which you don’t remember creating in WordPress, is an admin user that hackers add illegally.


Hackers create unauthorized users on WordPress

WordPress administrator privileges are powerful privileges that allow you to edit, add, and even delete any file on the server, including adding plugins on the server.

Therefore, hackers can take advantage of vulnerabilities to create backdoors into the site and create users with unauthorized administrator privileges on WordPress.

Reference
Percentage of WordPress sites that are hacked

User 123@abc.com, which you don’t remember creating in WordPress

User 123@abc.com, which you don’t remember creating in WordPress, is an admin user that hackers add illegally.

Other unauthorized administrator users often have the following characteristics

・Creation of zero posts or fixed pages
・Random and meaningless string of user IDs
・Email address from a completely unrelated domain, or an email address containing a random and meaningless string of characters

Countermeasures

If there are user 123@abc.com, this user is an administrator user that hackers produce illegally. We recommend that you delete this user if it exists.
(We recommend that you back up your database when deleting the user.)

It is also possible that files on WordPress have already been modified by the unauthorized user.
For this reason, we recommend that all sites on the server be scanned for malware and removed.

Reference
If no WordPress malware is found, where is the malware hidden?
What to do if multiple (or all) sites on a single server are infected with malware

Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Our experienced technicians will take care of WordPress WordPress malware removal and security measures on your behalf. Please feel free to send us your request or consultation.