Title: Unknown user &#8216;admin&#8217; created
Last modified: May 10, 2020

---

# Unknown user ‘admin’ created

 *  Resolved [ezly](https://wordpress.org/support/users/ezly/)
 * (@ezly)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/)
 * Hi,
 * Just now i discovered that a new user with username ‘admin’ had been created,
   with user role subscriber and no registered email address. This scared me a little
 * Using Defender Pro I can see the IP address:
 * Description
    added a new user: Username: admin, Role: Subscriber
 * Context
    users Type user Ip Address 185.234.217.175 User Guest Date / Time May
   10, 2020 4:13 pm
 * I then googled this IP address, and landed on this page:
    [https://www.abuseipdb.com/check/185.234.217.175](https://www.abuseipdb.com/check/185.234.217.175)
 * The top abuse listing as well as multiple others, mention this plugin:
    “Forbidden
   directory scan :: 2020/05/08 06:36:49 [error] 1046#1046: *322858 access forbidden
   by rule, client: 185.234.217.175, server: [censored_2], request: “GET /wp-content/
   plugins/custom-registration-form-builder-with-submission-manager/readme.txt HTTP/
   1.1”, host: “[censored_2]”
 * Seeing as there seem to be no other questions about this, what do we do?

Viewing 12 replies - 1 through 12 (of 12 total)

 *  Plugin Support [RegistrationMagic Support](https://wordpress.org/support/users/registrationmagicsupport/)
 * (@registrationmagicsupport)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12833545)
 * Hi,
 * We need to replicate the reported issue at our end hence we would require further
   details. If feasible, please raise a ticket at our support forum: [https://metagauss.com/help-and-support/](https://metagauss.com/help-and-support/)
   in order to provide you a speedy resolution.
 *  Thread Starter [ezly](https://wordpress.org/support/users/ezly/)
 * (@ezly)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12836604)
 * just letting you know i have sent you a message through that support page
 *  [Nikola](https://wordpress.org/support/users/combobets/)
 * (@combobets)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12836739)
 * The same issue on my site! Please, share the resolution here.
 *  [Nikola](https://wordpress.org/support/users/combobets/)
 * (@combobets)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12847125)
 * I deleted the ‘admin’ user.
 * The alert message that I received before that from Wordfence was:
 * “_High Severity Problems:
    * An admin user with the username admin was created
   outside of WordPress.
   ”
 * How is possible that? Is this a security risk from the plugin?
    -  This reply was modified 6 years ago by [Nikola](https://wordpress.org/support/users/combobets/).
 *  Thread Starter [ezly](https://wordpress.org/support/users/ezly/)
 * (@ezly)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12850201)
 * hey nikola,
 * do you mind sharing what other plugins you have installed so we can compare?
 * i gave the plugin developer access to my site and this is their response so far:
 * “However, we have found that the user account you reported did not go through
   RegistrationMagic’s form. There is no Inbox entry for this registration. So it
   is possible that another plugin could be reason behind it.
 * We can see you brought the site back online now. So we’ll do some further testing
   on our end and get back to you with more updates.”
 *  Thread Starter [ezly](https://wordpress.org/support/users/ezly/)
 * (@ezly)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12850214)
 * Here are my active plugins:
 * InfiniteWP – Client
    Admin Columns Pro – Advanced Custom Fields (ACF) Advanced
   Custom Fields: ACF Country AddFunc Head & Footer Code Admin Columns Pro Advanced
   Custom Fields PRO Akismet Anti-Spam Classic Editor Code Snippets RegistrationMagic
   Dashboard Columns Duplicate Post Interlinks Manager WPBakery Page Builder Mailster–
   Email Newsletter Plugin for WordPress Nelio Content Piklist Really Simple SSL
   Redis Object Cache Related Posts Remove Dashboard Access Simple Tags Term Management
   Tools WooCommerce Yoast SEO Premium WP All Export Pro WP All Import Pro Wordpress
   Automatic Plugin Defender Pro Hummingbird Pro WP Mail SMTP WP All Export – User
   Export Add-On Pro WP All Import – ACF Add-On WP All Import – User Import Add-
   On Pro WPMU DEV Dashboard
 *  [Nikola](https://wordpress.org/support/users/combobets/)
 * (@combobets)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12854182)
 * Here are my active plugins:
 * GA Google Analytics
    Genesis Simple Edits Genesis Simple Share Genesis Simple
   Sidebars JoomSport JoomSport Predictions Loco Translate RegistrationMagic Say
   What? Simple Social Icons TablePress UpdraftPlus – Backup/Restore Wordfence Security
   WP User Avatar Yoast Comment Hacks Yoast SEO
 *  [Nikola](https://wordpress.org/support/users/combobets/)
 * (@combobets)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12869259)
 * Is there a resolution?
 *  Thread Starter [ezly](https://wordpress.org/support/users/ezly/)
 * (@ezly)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12870944)
 * Nope.. They couldn’t find an exploit. My site got hacked really bad after my 
   last message, spend the whole night cleaning malware and switching everything
   over to Woocommerce. Should have just deleted the plugin right after the first
   breach, maybe that would’ve saved me from my db getting stolen.
 * There were other vulnerabilities found in RM only a few months ago as well if
   you look at exploit registry sites, but I’m still only guessing about suspecting
   them. I’ll be keeping an eye on this and if anything might happen in the meantime
   I’ll report it here.
 *  [Nikola](https://wordpress.org/support/users/combobets/)
 * (@combobets)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12871548)
 * [@ezly](https://wordpress.org/support/users/ezly/) Sorry to hear this. It sounds
   really bad!
 * Did you delete the ‘admin’ user when this happened?
 * I deleted it almost immediately. And luckily, I’m still not hacked. Or I don’t
   see such signals for now.
 * Do [@registrationmagicsupport](https://wordpress.org/support/users/registrationmagicsupport/)
   care about this serious security issue?
 *  Plugin Contributor [registrationmagic](https://wordpress.org/support/users/registrationmagic/)
 * (@registrationmagic)
 * [6 years ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12878191)
 * Hello ezly (@ezly) and Nikola (@combobets),
 * Please rest assured we are following your posts and looking through the reported
   issue, and the possibility of happening it through RegistrationMagic. So far 
   we do not have any leads, but our team is still on it as I write. As soon as 
   we have an update we will post it here.
 * Also, any old security weaknesses reported were all fixed months ago. In fact,
   we had updated most of the code with improved security checks.
 * Regards.
 *  Plugin Contributor [registrationmagic](https://wordpress.org/support/users/registrationmagic/)
 * (@registrationmagic)
 * [5 years, 12 months ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12931775)
 * Hello ezly (@ezly) and Nikola (@combobets),
 * We appreciate your patience. While, we could not convincingly conclude that the
   user account was created through RegistrationMagic code, in our recent release,
   
   v4.6.0.9, we have introduced mechanism which provides additional security for
   any such attempts – . Not to say it was weak before, but it should be doubly 
   safe now.
 * Please do update to latest version and let us know if you face any other issue
   while using RegistrationMagic.
 * Regards.

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘Unknown user ‘admin’ created’ is closed to new replies.

 * ![](https://ps.w.org/custom-registration-form-builder-with-submission-manager/
   assets/icon.svg?rev=2547375)
 * [RegistrationMagic - User Registration Forms Plugin](https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/custom-registration-form-builder-with-submission-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/custom-registration-form-builder-with-submission-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/custom-registration-form-builder-with-submission-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/custom-registration-form-builder-with-submission-manager/reviews/)

 * 12 replies
 * 4 participants
 * Last reply from: [registrationmagic](https://wordpress.org/support/users/registrationmagic/)
 * Last activity: [5 years, 12 months ago](https://wordpress.org/support/topic/unknown-user-admin-created/#post-12931775)
 * Status: resolved