This section describes the defacing of a WordPress site by adding an unauthorized user.


Adding unauthorized users, a WordPress hacking (defacing) technique

One of the methods used by hackers to tamper with WordPress is to create a user with unauthorized administrative privileges.

The figure below is a screenshot of an example of a rogue user that was generated in the administrator list of one of our clients.

If such a fake administrator is created in WordPress and the hacker is able to log in, he/she can alter or delete files, add malware, modify the database, or do anything else.

Characteristics of unauthorized users added by hackers and their methods

Rogue users added by hackers have the following characteristics

1.Administrator privileges

2.There should be one administrator, but there are two or more.

3.Not a single post

4.Random string of names or e-mail addresses

5.The domain name of the email address is a domain that does not exist or that you do not recognize at all.

6.Nickname or other required information is missing.

If you see a user with any of these characteristics, it is possible that an unauthorized user has been added by a hacker.

You can check to see if an unauthorized user has been added from the Users > User List screen of the WordPress administration page.

How do hackers add unauthorized users?

Hackers add these users mostly by exploiting vulnerabilities in the site, rewriting the database, or by installing malicious programs on the server that generate malicious users.

What if a rogue user (fake administrator) is identified? What to do about it

If you are certain that the user is an unauthorized user, delete the user.
Or simply change the password to prevent hackers from logging in through that user.

Perform site vulnerability testing and malware inspection and removal.

The creation of unauthorized users on WordPress means that the site (or possibly another site on the same server) is vulnerable or infected with malware (backdoors).

We will search for and remove vulnerabilities and malware using plug-ins, etc.

Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Also, take basic security measures such as updating plug-ins.

Easy] WordPress Security Improvement Checklist