Hummmm!! How come these people have become members on my site - while their details doesn't sho

Well I am attaching a screen shot, few unknown people have become members and posting stuff on my website without my knowledge. It shows in RSS feeds that they are members - but their details does not appear in your membership plugin - neither in the 'users' section.

whats up? how to stop this, is it same as spamming?

  • Jack Kitterhing
    • Code Norris

    Hi there @Pawan Arora

    I hope you are well today and thank you for your screenshot.

    Is this a normal WordPress install or A multisite install?

    How many people in total have registered and are posting that shouldn't be? If you go to your posts on your site, do you see the posts they have written or not? The same with the pages? If you go to the wp_usermeta table in your database, can you see the users there?

    Thank you!

    Kind Regards
    Jack.

  • Pawan Arora
    • Site Builder, Child of Zeus

    It is a multisite install.

    I doesn't show any extra posts, or pages.

    It was just that I am using WPMU-DIXI theme - and tried to use the buddypress activity template for homepage - and it showed series of 41 users - i don't know and yes it does not shows all those few users I have registered myself...

    starnge?

  • Pawan Arora
    • Site Builder, Child of Zeus

    Oh yes.....another development, please.

    I was looking at my main site (dashboard), but not my mutisite super admin dashboard. When I tried looking at users there on my super admin dashboard, it does show all those unwanted users.

    What does that mean? How they must have landed up there? using one the sub-sites only? or they have kind of hacked on my super admin dashboard (doesn't look like).

    What to do? and how serious is it? (not yet installed wordfence. is it required still, I can if it doesn't threats the performance, which is already slow, I mean I find wordpress slow.

    Do help.

  • Jack Kitterhing
    • Code Norris

    Hi there @Pawan Arora

    WordFence in my opinion and many others is the best WordPress security plugin there is, however if you already have a slow install, then it may slow it down a little bit more, as the more plugins installed, the general rule is the slower it becomes. But once it's completed the scans and you have checked if it brings up any problems, it can be removed. If you no longer wish to have it.

    But it is vital in seeing what this exactly is, a hack, no notifications being sent, an injection attack etc.

    So it shows the unwanted users on your super admin dashboard? That would be correct, as your users are normally added to the main site, unless you have a plugin or otherwise for registration on a subsite?

    Thank you!

    Kind Regards
    Jack.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.