Make WordPress Core

Opened 22 months ago

Closed 5 months ago

#58771 closed defect (bug) (invalid)

Someone logged onto my WordPress Admin Site, changed the password, and created a User Registration

Reported by: peterg1206's profile peterg1206 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

I checked settings and the "Anyone can register" is unchecked.

I was able to regenerate a password and delete the user registration.

I received several emails over the weekend regarding this activity. My password was 15 characters long, so I am not sure how anyone could have figured out my password. I am concerned and wanted to let someone know of this security vulnerability.

EMAIL 1: 7/8/2023 07:18 AM
Howdy! Some plugins have automatically updated to their latest versions on your site at https://www.privotechnologies.com. No further action is needed on your part.

These plugins are now up to date:

  • Protect Uploads (from version 0.3 to 0.4)

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/forums/

The WordPress Team

EMAIL 2: 07/10/2023 12:20 AM
New user registration on your site Privo Technologies, Inc.:

Username: wadminw

Email: wadminw@…

EMAIL 3: 07/10/2023 12/21 AM
New user registration on your site Privo Technologies, Inc.:

Username: wadminw

Email: wadminw@…

EMAIL 4: 07/10/2023 5:46 AM
Hi privomain,

This notice confirms that your password was changed on Privo Technologies, Inc..

If you did not change your password, please contact the Site Administrator at pgoldberg@…

This email has been sent to peter.goldberg@…

Regards,
All at Privo Technologies, Inc.
https://www.privotechnologies.com

EMAIL 5: 07/10/2023 5:47 AM
New user registration on your site Privo Technologies, Inc.:

Username: admmega123

Email: admmega123@…

Change History (1)

#1 @johnbillion
5 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

@peterg1206 So sorry that nobody ever got back to you on this.

For future reference, this is the best starting point for a hacked site: https://wordpress.org/documentation/article/faq-my-site-was-hacked/

Cheers!

Note: See TracTickets for help on using tickets.