Title: Create automatically admin user
Last modified: September 10, 2018

---

# Create automatically admin user

 *  Resolved [Mohammad Bana](https://wordpress.org/support/users/tamadon/)
 * (@tamadon)
 * [7 years, 9 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/)
 * hi
 * Create automatically admin user in my site
 * This account information :
 * user : administrator
    email : [support@wordpress.org](https://wordpress.org/support/topic/create-automatically-admin-user/support@wordpress.org?output_format=md)
 * What is the reason for this?

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [abletec](https://wordpress.org/support/users/abletec/)
 * (@abletec)
 * [7 years, 9 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/#post-10674088)
 * Hello, tamadon, & welcome. I suspect the reason for it is that your site has 
   likely been compromised. The folks at wordpress.org do not have the ability to
   create administrative accounts on peoples’ sites, & also probably wouldn’t use
   a username of ‘administrator’ even if they di.
 * Please delete the user, also please change all your passwords on your dashboard,
   your hosting control panel, & your WordPress database to something impenetrable,
   ie, make it long & w/upper & lowercase letters, numbers, & punctuation marks.
   You may well need to reinstall WordPress, & you should check your database to
   ensure it hasn’t been compromised in the process.
 * Please let us know if you need additional help.
 *  [abletec](https://wordpress.org/support/users/abletec/)
 * (@abletec)
 * [7 years, 9 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/#post-10674101)
 * tamadon, here’s a separate post that might help you fix your site.
 * A resource you can go to is:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
 * When dealing w/a site compromise, the objectives are twofold:
    1) Fix the site;&
   2) Fix backdoors that the hacker used to gain entrance into your site, so this
   hopefully will not happen again.
 * Most people place great emphasis on objective #1, but, in truth, the 2nd one 
   is actually the most important, as, without it, your site will continue to be
   reinfected.
 * Here are the steps to take.
 * First, notify your host, as this might be a serverside hack as opposed to simply
   a site compromise. Also, if you’re on shared hosting, the hack has the potential
   to compromise the entire server. Additionally, you may wish to take the site 
   offline, & your host can help you do this. They might not help you–then again,
   they might. You won’t know unless you notify them. If they say it’s not their
   responsibility, (& it really may not be), then please continue reading.
 * Second, scan any devices you will use to log onto your website for malware (malicious
   software like viruses, etc). It does no good to follow these steps if malware
   phones your credentials home to their command & control center. It’s actually
   better to do more than 1 scan, each using a different program, as no single malware
   scanner can detect everything.
 * Third, secure your network. Definitively use secure FTP (file transfer protocol)
   as opposed to regular FTP. The port used for secure FTP varies from host to host.
   Many use port 22, some 2222, while others use different ports altogether. Check
   their knowledge base or call their support. You can ask this question when you
   notify them of the compromise in the first step. You can use a client like Filezilla,
   which can do secure file transfers.
 * Never log onto your site using a public WiFi hotspot, such as those in hotels,
   cafes, etc. Make sure you’ve changed the default password, Ssid, (&, if applicable)
   the username on your router/modem. If you don’t use wireless, turn it off in 
   your router’s options.
 * All these steps are required to ensure that no one can snoop your credentials,
   etc.
 * Now that the device you’ll use to fix your site, as well as your network, is 
   secure, it’s time to direct your attention to actually fixing your site.
 * Next, please log into your website hosting provider’s control panel from a secure
   connection and change all passwords, including those to any databases you may
   have set up. This includes your control panel/FTP credentials & your WordPress
   database. Also, change your salt keys as per the instructions in wp-config.php
   to log out all users. Please make the passwords long, containing upper & lowercase
   letters, numbers, & punctuation.
 * Next, take a backup of your website’s files. Be certain to label it such that
   the label contains both the date you backed it up on, as well as the word “hacked”–
   we certainly don’t want you accidentally restoring this backup! This can be helpful,
   though, in terms of perhaps being able to determine how this occurred, though
   my feeling is that it likely did so because of an outdated site, weak passwords,
   or unmaintained 3rd-party plugins or themes on the site. Probably you should 
   just back up your web root. Depending on your host, it might be called public_html,
   htdocs, www, or /. If you don’t wish to back up the entire root, then at least
   back up your uploads folder, as well as others that might contain content that
   can’t be replaced.
 * Please also back up your database as well. The article at
    [http://codex.wordpress.org/Backing_Up_Your_Database](http://codex.wordpress.org/Backing_Up_Your_Database)
   shows you how to do that, in case you need it. The section regarding phpMyadmin
   is likely the most relevant to your case. It’s going to be necessary to search
   that database file to see if any evidence of the hack exists there. That can 
   be done by opening the file in a text editor. To start off with, consider searching
   for the words:
 *     ```
       <script
       <? php;
       base64;
       eval 
       ```
   
 * preg_replace
    strrev
 * This is not an exhaustive list, nor is the presence of any of these words conclusive
   proof of a site compromise, though some are more suggestive than others.
 * You might also wish at this point to backup your WordPress content. To do that:
   *
   Log into your WordPress dashboard. * Go to ‘Tools > Export’. * Choose to export
   all content.
 * While in your dashboard, go to ‘Users > All Users’ and delete any users there
   that you don’t recognize, especially administrators. A WordPress account should
   never contain the username ‘admin’. If yours does, make an administrative account
   that does not contain the word (don’t forget to use a very strong password), 
   then delete the old admin username account.
 * Also be advised that sometimes supposed image files can contain code, so open
   all your image files, particularly in your uploads folders, to ensure they really
   are images & don’t contain code. Better yet, if you have the images on your machine,
   replace files in the uploads folders with them.
 * If you find nothing, either in your database or in your /uploads folders, then
   the next step is to delete, then completely reinstall WordPress, as well as any
   plugins or themes you were using. Simply reinstaling WordPress from the dashboard
   is not effective. I also advise creating an entirely new database w/a new user&
   password. You can then import your content into the newly reinstalled site.
 * Please also let someone knowledgeable look at your .htaccess file so they can
   make certain no backdoor code exists there.
 * In summary, here are the steps:
    1) Back up your WordPress files, including core,
   themes, & plugins; 2) Back up your database using PhpMyadmin; 3) Look through
   the database to insure there is no evidence of the hack; 4) Search the uploads
   folders for image files that contain code; 5) Let someone knowledgeable look 
   at your .htaccess file. 6) If you have doubts about your database, please have
   a professional take a look.
 * It would also be helpful to install a plugin like Sucuri or Wordfence to scan
   for the compromised files.
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [7 years, 9 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/#post-10674283)
 * Please be aware that recently discovered multiple security vulnerabilities in
   multiple WordPress plugins allowing “Arbitrary Code Execution”. Or in other WORDS,
   bad guys can inject malicious code into your WordPress setup and take full control
   over it.
 * It is probably worth to restore your website from last good backup and upgrade
   all plugins to latest version to avoid infection/reinfection once again.
 *  Thread Starter [Mohammad Bana](https://wordpress.org/support/users/tamadon/)
 * (@tamadon)
 * [7 years, 7 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/#post-10839303)
 * this bug in edd auto register plugin
    -  This reply was modified 7 years, 7 months ago by [Mohammad Bana](https://wordpress.org/support/users/tamadon/).

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Create automatically admin user’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 3 participants
 * Last reply from: [Mohammad Bana](https://wordpress.org/support/users/tamadon/)
 * Last activity: [7 years, 7 months ago](https://wordpress.org/support/topic/create-automatically-admin-user/#post-10839303)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics