Rogue user accounts?

I am having a few issues with a client's website that I just can't figure out what to do. Recently, my client's website was experiencing a redirect that was affecting only the mobile view of the website. It appears that I have resolved the issue by deactivating a plugin that appears to have been causing the issue. The current issues I am experiencing are below:

- The database keeps being populated with rogue user accounts. As a result, one of the admin accounts (which I have deleted from the database), consistently keeps getting notifications of these rogue accounts. I have consistently deleted them but they keep coming back and the admin account (which isn't in the database) keeps receiving the notifications.
- After cleaning the database of all of the rogue user accounts (about 15,000) by emptying the database, I lost access to my administrator's account. In an effort to add the account, I followed a tutorial that showed me how to add an administrator's account using the phpMyAdmin panel. The account has been set up but I still don't have administrator's access.

Can anyone help me with these two issues?

  • Adam Czajczyk

    Hello Julius,

    I hope you're well today and thank you for your question!

    A massive registration of such accounts usually means that either your site has been targeted by bots or it has been compromised and is infected with some malicious code. It may also be both of these issues, unfortunately.

    Having said that, I think it may be necessary to check the entire site by reviewing the entire database and all files against malicious code, so you may want to hire a professional developer experienced in such cases as it's a difficult and very specific task.

    First though, if you manage to regain access to admin area:

    - make sure that WP core, all the plugins and themes are up to date
    - scan the site with our Defender plugin for security: https://premium.wpmudev.org/project/wp-defender/
    - preferably install a captcha so registration would be protected, or disable registration altogether if it's not needed

    and see if those registrations stopped.

    As for the admin account: I'm not sure which tutorial you followed, but most of them are pretty much the same as there's only one way to do this. Please double check all the steps that you have taken because it's very easy to make a mistake: the data that you edit while doing this is a serialized array and that means that even the slightest mistake can break it.

    If that doesn't help, can you please link me to the tutorial in question?

    Kind regards,
    Adam

  • Adam Czajczyk

    Hello Julius,

    Thank you for sharing the link to the tutorial.

    It seems that there's an error there. In general the guide is fine but please give it another go with the following exceptions at the stage where you put this value to the "wp_usermeta" table:

    a:1:{s:13:"administrator";s:1:"1";}

    1. It is said to use the "wp_capabilities" string as "meta_key" value. It's fine but please make sure that your database prefix in "wp-config.php" is actually set to "wp_"; if it's different use it in "meta_key" value. Examples:

    - the db prefix is set to "wp_": meta_key value would be "wp_capabilities"
    - the db prefix is set to "mysite_": meta_key value would be "mysite_capabilities"

    2. The line to add as the value of the "meta_value" field should actually be

    a:1:{s:13:"administrator";b:1;}

    instead of the one given in the article.

    Give it another go please, or just update the "_usermeta" table for the user that you already created using the above tweaks, and let me know if you were able to get into the site.

    Best regards,
    Adam
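
The two checks from the reply above (the "meta_key" must carry the table prefix from "wp-config.php", and the "meta_value" must be an intact serialized array with "administrator" set to b:1), as an added Python example that is not part of the thread or of WordPress. `parse_caps` and `check_admin_row` are hypothetical helper names, and the parser only covers the flat array shape shown in the reply.

```python
import re

ARRAY_OPEN = re.compile(rb"a:(\d+):\{")
STRING = re.compile(rb's:(\d+):"')
SCALAR = re.compile(rb"([bi]):(-?\d+);")

def _read_string(data, pos):
    m = STRING.match(data, pos)
    if not m:
        raise ValueError(f"expected a string at byte {pos}")
    n, start = int(m.group(1)), m.end()
    # The declared byte length is trusted: the closing '";' must follow it exactly.
    if data[start + n:start + n + 2] != b'";':
        raise ValueError(f"declared length {n} is wrong at byte {pos}")
    return data[start:start + n].decode("utf-8"), start + n + 2

def _read_value(data, pos):
    m = SCALAR.match(data, pos)
    if m:
        num = int(m.group(2))
        return (bool(num) if m.group(1) == b"b" else num), m.end()
    return _read_string(data, pos)

def parse_caps(meta_value):
    """Parse a flat PHP-serialized array (string keys; bool/int/string values)."""
    data = meta_value.encode("utf-8")
    m = ARRAY_OPEN.match(data)
    if not m or not data.endswith(b"}"):
        raise ValueError("not a serialized array")
    pos, caps = m.end(), {}
    for _ in range(int(m.group(1))):
        key, pos = _read_string(data, pos)
        caps[key], pos = _read_value(data, pos)
    if pos != len(data) - 1:
        raise ValueError("element count does not match the array body")
    return caps

def check_admin_row(table_prefix, meta_key, meta_value):
    """Return a list of problems with a capabilities row; empty means it passes."""
    problems = []
    if meta_key != table_prefix + "capabilities":
        problems.append(f"meta_key should be {table_prefix}capabilities")
    try:
        caps = parse_caps(meta_value)
    except ValueError as exc:
        return problems + [f"meta_value is malformed: {exc}"]
    if caps.get("administrator") is not True:
        problems.append("administrator is not boolean true (b:1)")
    return problems
```

Calling `check_admin_row("mysite_", "wp_capabilities", 'a:1:{s:13:"administrator";s:1:"1";}')` reports both points from the reply: the wrong prefix in the key and the string "1" where b:1 is expected.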
