I've been hacked a few times recently by the same person/bot. I believe this was sql injection or something like that because I keep changing the admin credentials, even it's number from user 1 to something else and yet users credentials change to admin and are changed to user 1. I have done extensive cleaning, ect. I am seeing 3 super admins when I only have one and only one is showing in the members column. I need to find the 2nd and 3rd. I see upon attempting to delete accounts that two won't show up in the confirm page , yet are deleted in the column. I believe these are the two hacked accounts. I will delete them from phpmyadmin and see if they reappear in the next couple of days. I'm no longer using the original admin account as super admin, can I delete it as well?
Isn't this my hosts fault since they are clearly editing in phpmyadmin ? I don't have any evidence of database plugins being uploaded, how else could they be manipulating user accounts to "admin" and user 1?