Title: Security issue, user_admin changed by hacker Last modified: December 28, 2017 --- # Security issue, user_admin changed by hacker * [rauhami](https://wordpress.org/support/users/rauhami/) * (@rauhami) * [8 years, 5 months ago](https://wordpress.org/support/topic/security-issue-user_admin-changed-by-hacker/) * Hi Everyone, I have a security issue maybe related to WordPress and therefore thought this might be the right place to ask about it. * Through the years I have developed several WP-sites with hmlt5_blank based theme. Have made some adjustments that it would work perfectly for my purposes but nothing big. Three times within a year, with only one client, I have faced an issue where I suddenly get an email (Ninja firewall report) that someone/something has made changes in database and when i give a closer look, the first admin account user_login has been changed to something else it originally was. * I have yet received quite a little help from the server provider and therefore thought to ask here if anyone has had similar issue. Only two plugins installed, ACF pro and Ninja Firewall. * What bothers me is that i use the same theme as a base for every site i do and only one has had this issue. That also leads my to have some doubts against the server provider and that would actually be a relief. * I hope none of you haven’t faced this issue but if you have, how did you solve it? * Thanks! Viewing 3 replies - 1 through 3 (of 3 total) * [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 5 months ago](https://wordpress.org/support/topic/security-issue-user_admin-changed-by-hacker/#post-9817399) * Hi, * When NinjaFirewall sends this kind of notification, it includes the user IP. You would need to download your HTTP server logs and look for that IP. That may show you what it did to access your DB. If you don’t see anything, that could mean that your database is accessed from another website on the same server ( or, less often, remotely from another server/computer). Also, you can search NinjaFirewall’s log for that IP too, maybe you’ll see some log lines related to it. * Thread Starter [rauhami](https://wordpress.org/support/users/rauhami/) * (@rauhami) * [8 years, 5 months ago](https://wordpress.org/support/topic/security-issue-user_admin-changed-by-hacker/#post-9817586) * Thanks for a quick reply. Maybe i can continue this discussion directly with you via your helpdesk? And if/once we find a solution, I’ll post it here. * [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 5 months ago](https://wordpress.org/support/topic/security-issue-user_admin-changed-by-hacker/#post-9819145) * We don’t offer helpdesk access for the free version of NinjaFirewall, please use these forums instead. See also: [https://codex.wordpress.org/Hardening_WordPress](https://codex.wordpress.org/Hardening_WordPress) [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked) Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Security issue, user_admin changed by hacker’ is closed to new replies. ## Tags * [database](https://wordpress.org/support/topic-tag/database/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/) * Last activity: [8 years, 5 months ago](https://wordpress.org/support/topic/security-issue-user_admin-changed-by-hacker/#post-9819145) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics