security issue in website

  • globalshreiks · Member ·

    Hello Community Members, I need urgent help to get rid of this.

    I am facing a serious security issue on my website, where the attacker is creating random administrator accounts and posting spam content on my website.
    https://prnt.sc/1wooyb6

    Now, I’ve installed Wordfence which is preventing attackers from login & post spam content. But still, they can make Admin accounts.

    I did these steps but nothing worked
    *Changed Theme
    *Removed Un-used or low rating plugins
    *Removed All Admin accounts (Except me)
    *Mandatory 2FA for all accounts

    If anyone knows how to fix this, it would be much appreciated.

    I don’t have a site with WordPress.com yet

  • kokkieh · Staff ·

    Hi there,

    It sounds like you’re using the open source version of WordPress. That’s made by the community over on WordPress.org, and is not the same thing as the hosting provider, WordPress.com, where you’re posting now.

    Have you updated your login details at your hosting provider, for your hosting account, PHPMyAdmin, and FTP? If whoever is doing this has access to any of those, no security measures you take on the site itself will have any effect, as those allow them to make changes directly in the database or on the server.

    I recommend you contact your hosting provider directly for help to make sure all access to your site from their end is secure.

    I also suggest you post in the WordPress.org community forums to ask for more advice on this. The people there should be able to help you troubleshoot other methods this person might be using to create the accounts, and give you advice on how to plug those gaps.

    Lastly, I also found the WordPress.org documentation on improving site security. You can take a look at that here:

    https://wordpress.org/support/article/hardening-wordpress/

  • The topic ‘security issue in website’ is closed to new replies.