Security – unknown admin account keeps appearing

  • ChipmunkDesign

    (@chipmunkdesign)


    11 years, 5 months ago

    Hi,

    I have an issue.

    An unknown admin account keeps popping up in the Users section of one of my sites – the account named wpguest.

    This to me indicates a hack (though the site itself appears to have always remained unaffected) but how do I deal with it and keep it secure? I’ve deleted the account whenever it has appeared, deleted my previous admin accounts and created a new one with a more secure password but this account continues to pop up after a week or so.

    I’ve since added the plugin Login Lockdown in the hope of it preventing brute force bot attacks but still the problem remains.

    Help!

Viewing 1 replies (of 1 total)
  • leejosepho

    (@leejosepho)

    11 years, 5 months ago

    First, brute-force ‘bot attacks are seldom actual login attempts. To see that for yourself, install Wordfence Security and watch 404s and the WF login log for a few days. At that point, Wordfence can throttle over-aggressive, speed-hit ‘bots and it can also IP-lockout certain login attempts, but you have still done nothing to actually secure your site from malicious access, actual entry or to protect your database. For that, you need BulletProof Security that will write bulletproof .htaccess making it impossible for anyone to actually invade your site.

Viewing 1 replies (of 1 total)

The topic ‘Security – unknown admin account keeps appearing’ is closed to new replies.