Recently I have found some new users have been created on my WordPress site, obviously showing my site was hacked.
I cleared all users, changed passwords and checked the database for any hidden users. I even limited the wp-login to my own IP so no one but me can see it.
Today I checked my recent activity and found this:
“WordPress created hdfnfykw (sample@email.tst)”
When I click on the “wordpress”, which is a username, it goes to this address:
http://www.myblog.com/wp-admin/user-edit.php?user_id=0
which is an invalid user, but as far as I can tell, this user is making all of those fake usernames.
Any idea why this would happen? (I also checked my theme files for any code that creates users automatically)
It would be awesome if someone could spare me with some knowledge here.
Thanks
Supposedly you have an old version of WordPress or any theme or plugin, which has vulnerabilities. You should immediately update all components to the newest version. If you use a less-popular plugin, maybe it has some vulnerabilities which were not detected yet.
If it is possible, disable potentially vulnerable plugins and see if the user creation continues.
Edit: You should also check if you have activated the feature that users can register themselves without admin access. You can check this in options->general.
I have just fixed my issue by unchecking the option in WordPress
Anyone can register
https://i.stack.imgur.com/qVMvp.png
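An added example, not part of the original posts: read-only SQL to check the registration setting named in the answers and to review the accounts in the database directly. It assumes a single-site install on MySQL/MariaDB with the default `wp_` table prefix; adjust the table names and the `wp_capabilities` key if your prefix differs.

```sql
-- Assumption: MySQL/MariaDB, single-site WordPress, default "wp_" table prefix.

-- 1. Is self-registration enabled, and which role do new accounts receive?
--    users_can_register = 1 means "Anyone can register" is checked.
--    default_role should be "subscriber"; anything higher hands out
--    extra privileges to every self-registered account.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 2. Accounts created in the last 30 days, newest first.
--    user_registered is stored in UTC, so allow for the server's time zone offset.
SELECT ID, user_login, user_email, user_registered
FROM wp_users
WHERE user_registered >= NOW() - INTERVAL 30 DAY
ORDER BY user_registered DESC;

-- 3. Every account that holds the administrator role.
--    Roles are stored as a serialized PHP array in wp_usermeta,
--    so match on the quoted role name.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;
```

If query 1 shows registration enabled with a low-privilege default role and query 3 lists only the accounts you expect, the new users are consistent with self-registration through the setting above; an unexpected administrator in query 3 points back to the first answer's advice to update and audit plugins and themes.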