Suddenly acquiring new users infiltrating my site. Cannot get rid of them.
-
Hi everyone, I have recently started to change my theme and wanted to overhaul my current theme. I put my site on maintenance and proceeded to make some changes. Then I decided I wanted to change the whole theme so downloaded a new one. At this point I noticed in my wordpress admin login that a totally new name had appeared (just a jumble of letters) so I looked in Users and found that there were several of these with emails all supposedly administrators of my site.
I have been several times now on the chat with Bluehost and they have been quite helpful but unfortunately the problem persists. I have deleted and changed all my passwords for WordPress and Bluehost and also changed and deleted my original pro theme with all my work (doesn’t matter as I want to bring my music festival site up to date. I cannot, however, get this user off my site unless I go directly into WordPress.com but then I have to go to dashboard and then this name comes back again and mine disappears. Any ideas please would be very helpful.
Dawn
The blog I need help with is: (visible only to logged in users)
-
Hi there,
Did you refer to lebuzz66.com as the website where you’re experiencing the issue? If so, it looks like you’re using self-hosted WordPress, not WordPress.com.
https://wordpress.com/site-profiler/lebuzz66.com
Therefore, it’s recommended to open a support ticket at the following URL for WordPress.org support.
https://wordpress.org/support/forums/
To understand the difference between WordPress.com and WordPress.org, please check the article below.
WordPress powers millions of websites, from bloggers and small businesses to massive news sites and companies. This guide will help you to understand the difference between WordPress.com and WordPress.org, and which might be the best fit for your website. In this guideVideo overviewOverview of differencesComparison of featuresOverview of WordPress.comOverview of WordPress.orgFrHave a good day!
-
It sounds like your site has been compromised, especially since unknown admin users keep reappearing even after deletion. This usually means malicious code or backdoors have been injected into your WordPress files or database. Here are the steps you should take:
- Immediately update everything – WordPress core, plugins, and themes. Outdated software is the most common entry point.
- Scan your site – Use a trusted WordPress security plugin to scan for malware, or ask Bluehost to run a full server-level malware scan.
- Check admin accounts – Keep only your own. If new ones appear again, that’s a clear sign of persistent malicious code.
- Audit your files – Hackers often leave hidden scripts in
wp-content,uploads, or theme/plugin folders. Remove anything suspicious or unnecessary. - Reset all passwords – Not just WordPress and hosting, but also database and FTP/SFTP.
- Check user roles in the database – Sometimes hackers hide elevated privileges in the database even if you don’t see them in the dashboard.
- Reinstall WordPress core files – Replace them with fresh copies to ensure no hidden modifications.
- Consider a clean rebuild – If the infection keeps coming back, back up only your clean content (posts, media), then wipe and reinstall WordPress, themes, and plugins from scratch.
- Add extra security – Enable two-factor authentication, limit login attempts, and install a reputable firewall/security plugin to prevent future attacks.
Since this involves recurring admin account creation, it’s critical to act quickly. If Bluehost support hasn’t resolved it yet, ask them if your account might need a deeper security cleanup or if they can temporarily suspend external access until the infection is cleared.
- The topic ‘Suddenly acquiring new users infiltrating my site. Cannot get rid of them.’ is closed to new replies.
WordPress.com Forums 