• Hello everyone, today I received an alert from Wordfence, which said that a user with administrator privileges had entered my website. Indeed, I entered my WordPress and they had created a user called “wp-system”, which of course I did not create. Additionally, they had installed a plugin that I did not recognize. Of course I deleted that user and plugin and changed the password. I have also activated double authentication in Wordfence. It seems that the system is not affected. What could have happened? Is there anyone with the same problem? Thank you very much and greetings

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Julia Golomb

    (@juliarosia)

    It sounds like your WordPress site experienced a security breach. The creation of an unauthorized admin user and the installation of an unrecognized plugin are clear indicators of this. You’ve taken some good immediate steps by deleting the unauthorized user, removing the unknown plugin, and changing your password. Enabling two-factor authentication (2FA) is also a great move for enhancing security. Here are some additional steps and considerations to ensure your site’s security:

    1. Scan Your Website:

    • Conduct a full scan of your website using Wordfence or another trusted security plugin. This will help identify any hidden malware or files that the attacker might have left behind.

    2. Check User Accounts:

    • Review all user accounts to ensure no other unauthorized accounts have been created. Pay special attention to accounts with administrative privileges.

    3. Update Everything:

    • Ensure that all your WordPress core files, themes, and plugins are up to date. Outdated software is a common entry point for attackers.

    4. Review and Strengthen Passwords:

    • Ensure that all user accounts, especially administrators, have strong, unique passwords. Consider using a password manager to generate and store secure passwords.

    5. Audit Plugins and Themes:

    • Remove any unused plugins and themes. Sometimes attackers exploit vulnerabilities in inactive themes or plugins.

    6. Check File Integrity:

    • Verify the integrity of your WordPress core files. You can do this by using tools like Wordfence or manually comparing your files with the original files from the WordPress repository.

    7. Examine Recent Changes:

    • If you have audit logging enabled, review the logs to see if there were any other changes made by the unauthorized user.

    8. Hosting Environment Security:

    • Check with your hosting provider to ensure there are no security issues on their end. Some providers offer additional security measures or scans.

    9. Change Security Keys:

    • Update your WordPress security keys. This will log out all users and is an effective measure if you suspect session hijacking.

    10. Backup Your Site:

    • If you don’t have recent backups, now is a good time to create one. However, ensure that you’re not backing up any compromised files.

    11. Consider a Security Expert:

    • If you’re unsure about any of these steps or if you want a professional to ensure your site is clean, consider hiring a WordPress security expert.

    12. Monitor Your Site:

    • After cleaning up, monitor your site closely for any unusual activity. Keep an eye on user accounts, file modifications, and unexpected changes.

    It’s also worth noting that security breaches can sometimes occur due to factors outside of WordPress, such as compromised FTP credentials, an infected computer used to access the site, or a vulnerability in another application running on the same server. Best of luck and stay safe!
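
One way to do the manual comparison described under "Check File Integrity" in the reply above, as an added example that is not part of the original reply or of Wordfence. It assumes a clean copy of the same WordPress version has been unpacked locally; the function names, the skipped `wp-content` directory and the list of expected extra files are assumptions of this sketch.

```python
import hashlib
import sys
from pathlib import Path

# Assumptions: wp-content holds site-specific themes, plugins and uploads and
# is audited separately; these root files exist only on a live install.
SKIP_DIRS = ("wp-content",)
EXPECTED_EXTRA = {"wp-config.php", ".htaccess"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256, skipping SKIP_DIRS."""
    hashes = {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in SKIP_DIRS:
            hashes[rel.as_posix()] = sha256_of(p)
    return hashes


def compare_core(site_root, clean_root) -> dict[str, list[str]]:
    """Compare a live install against a clean copy of the same version."""
    site, clean = hash_tree(Path(site_root)), hash_tree(Path(clean_root))
    return {
        # Core files whose content differs from the clean copy.
        "modified": sorted(f for f in site.keys() & clean.keys() if site[f] != clean[f]),
        # Core files that were deleted from the live install.
        "missing": sorted(clean.keys() - site.keys()),
        # Files outside wp-content that a clean download does not ship.
        "unexpected": sorted(site.keys() - clean.keys() - EXPECTED_EXTRA),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_core.py <site_root> <clean_wordpress_root>")
    for kind, files in compare_core(sys.argv[1], sys.argv[2]).items():
        for name in files:
            print(f"{kind}: {name}")
```

Anything reported as modified or unexpected under `wp-admin` or `wp-includes` deserves a manual look before it is restored from the clean copy; plugins and themes under `wp-content` need their own comparison against their original packages.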


The topic ‘strange admin user “wp-system”’ is closed to new replies.