Title: Admin password was changed
Last modified: December 13, 2020

---

# Admin password was changed

 *  [germars](https://wordpress.org/support/users/germars/)
 * (@germars)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/)
 * Has anyone experienced this before? I got a notification from Wordfence that 
   twice someone from Germany had requested a password change for the above site.
   I didn’t worry too much as the email comes to me. However, I decided to sign 
   in to make sure all was well, and my password didn’t work! I was able to request
   a password change and change it to a new password and I scanned it and found 
   some back door trojan and deleted it. But I’m a bit freaked out how they were
   able to change the password.
 * I’m glad I was notified and have access to the cpanel if anything had gone wrong
   and back up all my sites often. I’ve also tried hiding the login section but 
   that didn’t slow anyone down from finding the admin username or the place they
   were to sign in either.
 * How could they change the password without getting the email? Everything is up
   to date apart from the WordPress version, I’ve updated the theme and the plugins,
   I’m just waiting a week or so before updating WordPress as I have a lot of sites
   to do and I want to be sure that the plugins have had a chance to update and 
   fix bugs.
 * Is there another plugin I should be using on all my sites that is priced so I
   can protect all of my sites?
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fadmin-password-was-changed%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [lisa](https://wordpress.org/support/users/contentiskey/)
 * (@contentiskey)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13783677)
 * suggestion: can use check in the database to check on all users to be sure there
   are no unfamiliar users.
 *  Thread Starter [germars](https://wordpress.org/support/users/germars/)
 * (@germars)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13783814)
 * Hi [@contentiskey](https://wordpress.org/support/users/contentiskey/) Well, I’m
   the only user on this particular site. I did check the users from within WordPress
   when I got back in. Do you think there could be other users I can’t see if I 
   go to the cpanel?
 *  Moderator [Bet Hannon](https://wordpress.org/support/users/bethannon1/)
 * (@bethannon1)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13783966)
 * Since you are already running WordFence, consider turning on it’s two-factor 
   authentication. That should prevent anyone from using your account to gain access.
 * And the suggestion above is a good one: do check in the database for any addition
   users that may not be displaying in the dashboard. Look in the wp_users (or if
   you have a different prefix, xx_users).
 *  Thread Starter [germars](https://wordpress.org/support/users/germars/)
 * (@germars)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13784069)
 * Thank you both. What method do either of you use for the two-factor authentication?
 * I did check the wp-users in the database and there is only my login, which is
   good.
 * I guess I’m going to have to do this for all my sites, what a pain.
 *  Moderator [Bet Hannon](https://wordpress.org/support/users/bethannon1/)
 * (@bethannon1)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13784231)
 * In a site with WordFence activated, visit your user profile, and down a ways 
   is an option to activate 2FA.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Admin password was changed’ is closed to new replies.

## Tags

 * [admin](https://wordpress.org/support/topic-tag/admin/)
 * [login](https://wordpress.org/support/topic-tag/login/)
 * [signin](https://wordpress.org/support/topic-tag/signin/)
 * [trojan](https://wordpress.org/support/topic-tag/trojan/)
 * [user](https://wordpress.org/support/topic-tag/user/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 5 replies
 * 3 participants
 * Last reply from: [Bet Hannon](https://wordpress.org/support/users/bethannon1/)
 * Last activity: [5 years, 6 months ago](https://wordpress.org/support/topic/admin-password-was-changed/#post-13784231)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics