Since the past 3 days, I am seeing that every day a new user registers to my WordPress site. The default role is admin and it's very concerning. Their email ids are [email protected] and [email protected].

I have started using Wordfence and disabled Anyone Can Register in Settings > General.

Can you suggest me what additional shall I do?

Right now, I am manually deleting registrations.

Since the past 3 days, I am seeing that every day a new user registers to my WordPress site. The default role is admin and it's very concerning. Their email ids are [email protected] and [email protected].

I have started using Wordfence and disabled Anyone Can Register in Settings > General.

Can you suggest me what additional shall I do?

Right now, I am manually deleting registrations.

• security

Share Improve this question asked Jun 16, 2019 at 2:28 Vaibhav SharanVaibhav Sharan 1 1

• Hi Vaibhav! We don't cover security questions in this community. I recommend you talk with a WordPress security expert asap. This is not normal behavior for a WordPress site. – MikeNGarrett Commented Jun 16, 2019 at 22:12

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

I suspect that there is malware files on your system that is allowing those user registrations. There are lots of googles/bings/ducks on how to clean a hacked system. (I use my own procedure here.)

What I would do is these things:

• change all credentials everywhere (hosting, FTP, admin etc)
• create a new admin user with a very secure password, log in as it (to verify it works), then demote the current admin user(s) to lowest level. Especially if your admin user is called 'admin'.
• disable xmlrpc.prg on your site (that can be a hack intrusion point)
• reinstall WP (use the Update on the dashboard).
• reinstall all theme from good sources via FTP. Do the same for all plugins
• Manually look at all files in all folders on your site for 'bad' files. Sorting by date helps, since you updated everything - all updated files should have the same datestamp, so unwanted files will stick out. Don't forget to look at all hidden files, including htaccess.
• look at generated source code of pages to ensure nothing funky in there

The site can be cleaned (I've done it, which is how I developed my procedure). But IMHO there is a strong possibility of malware code on your site allowing those registrations.