Someone logged onto my WordPress Admin Site, changed the password, and created a User Registration

[peterg1206]

I checked settings and the "Anyone can register" is unchecked.

I was able to regenerate a password and delete the user registration.

I received several emails over the weekend regarding this activity. My password was 15 characters long, so I am not sure how anyone could have figured out my password. I am concerned and wanted to let someone know of this security vulnerability.

EMAIL 1: 7/8/2023 07:18 AM
Howdy! Some plugins have automatically updated to their latest versions on your site at ​https://www.privotechnologies.com. No further action is needed on your part.

These plugins are now up to date:

• Protect Uploads (from version 0.3 to 0.4)

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
​https://wordpress.org/support/forums/

The WordPress Team

EMAIL 2: 07/10/2023 12:20 AM
New user registration on your site Privo Technologies, Inc.:

Username: wadminw

Email: wadminw@…

EMAIL 3: 07/10/2023 12/21 AM
New user registration on your site Privo Technologies, Inc.:

Username: wadminw

Email: wadminw@…

EMAIL 4: 07/10/2023 5:46 AM
Hi privomain,

This notice confirms that your password was changed on Privo Technologies, Inc..

If you did not change your password, please contact the Site Administrator at pgoldberg@…

This email has been sent to peter.goldberg@…

Regards,
All at Privo Technologies, Inc.
​https://www.privotechnologies.com

EMAIL 5: 07/10/2023 5:47 AM
New user registration on your site Privo Technologies, Inc.:

Username: admmega123

Email: admmega123@…

[johnbillion]

@peterg1206 So sorry that nobody ever got back to you on this.

For future reference, this is the best starting point for a hacked site: ​https://wordpress.org/documentation/article/faq-my-site-was-hacked/

Cheers!