Make WordPress Core

Opened 5 months ago

Closed 5 months ago

#47462 closed defect (bug) (invalid)

Someone keeps gaining access to my site as an admin

Reported by: madecker12 Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.2.1
Component: Security Keywords:
Focuses: Cc:
PR Number:


I have a potential hacker (dreamsbadtoyou2@…) that has somehow added themselves as an admin to my website. I do not have the box checked under general settings that even allows someone to request permission, but they were still able to set themselves up as an admin. I took them off, checked the box and set the default role to blocked, but they tried again and were successful in making themselves an admin. This is a HUGE problem that I haven't encountered before and it needs to be addressed immediately.

Change History (1)

#1 @SergeyBiryukov
5 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from critical to normal
  • Status changed from new to closed

Hello @madecker12, welcome to WordPress Trac!

I'm sorry that your site seems to be hacked. Unfortunately we can't help you with your hacked site here. Please follow the steps mentioned on https://codex.wordpress.org/FAQ_My_site_was_hacked or try our support forums at https://wordpress.org/support/forums/.

In case you have found a a security vulnerability in WordPress please read https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/.

Note: See TracTickets for help on using tickets.