Invisible WordPress admin users are artifacts sometimes left behind by a sloppy hacker, or left over following the cleanup of a hacked website.
This article covers how to remove the invisible user records sometimes left behind in the database following a MySQL injection.
2. By Jim Walker, HackRepair.com / @hackrepair
Invisible WordPress admin users are artifacts sometimes left behind by a sloppy hacker, or left over following the cleanup of a hacked website.
3. There is no automated way to remove these invisible WordPress users.
4. “phpMyAdmin may seem a bit intimidating at first. Think of it like a text editor for databases and you’ll be fine.”
5. The steps to removing INVISIBLE USERS in WORDPRESS
6. 1 Be sure to use a backup plugin, like UpdraftPlus or BackupBuddy, to make a database backup.
These backup plugins will not only help you generate a backup in seconds; they’ll likewise allow you to recover your prior database with just a few clicks of your mouse.
Your website will not be wiped clean by editing a couple of database tables.
7. 2 Add a new Administrator (user)
After creating your new user, log out, then log back in as the new Administrator.
Maybe you are still using Admin as your username? If that’s the case, this would be a great opportunity to change that to something less guessable.
8. 3 Log into phpMyAdmin. Scary, huh?
I have to agree, phpMyAdmin is probably the most intimidating login screen you’ll encounter in your WordPress career.
You’ll find the username and password for your phpMyAdmin by viewing the text within your wp-config.php file.
9. 4 Once logged in, find your database in the left column and click it once.
That will reveal a list of tables. We only care about two tables: wp_usermeta and wp_users.
Let’s start with wp_users. Click that table link and you’ll see something like this.
What’s important here are the numbers in the User ID column. Note how one is 2 and the other is 101011. These are good users in our installation. Hint: “Remember this.”
10. 5 Ok, the truly scary part. Sorry, you’ll have to trust me on this. We are going to do a database query to identify the invisible users. Click the SQL tab.
Next, copy/paste the text below into the box and click the “Go” button bottom right.
This will do a quick search for all currently set administrator users.
11. 6 And now to the callback. After our search in #5 above, notice the extra users, Mr/Mrs. Sherlock?
“Excellent!” I cried. “Elementary,” said he. – Arthur Conan Doyle
12. 7 Now kill the other users. Clicky-clicky on the big red X next to each bad user until your enemy has been defeated.
If you are victorious in your quest, you’ll see something like this when you refresh your WordPress dashboard Users list.
[Figure: Users list, BEFORE and AFTER]
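An added example (not the author's original query) of the kind of read-only search steps 5 and 6 describe, for the phpMyAdmin SQL tab. It assumes a single-site install with the default `wp_` table prefix, where roles are stored in `wp_usermeta` under the `wp_capabilities` key, and it assumes that an administrator entry with no matching row in `wp_users` is one of the "extra users".

```sql
-- Added example, read-only: nothing here modifies the database.
-- Assumption: default table prefix "wp_". With a custom prefix, change the
-- table names and the meta_key ('<prefix>capabilities') to match.

-- 1) Every administrator capability row, flagged by whether the user_id
--    still has a row in wp_users. Compare the user_id column against the
--    known-good IDs noted in step 4.
SELECT
    um.umeta_id,
    um.user_id,
    u.user_login,
    u.user_email,
    u.user_registered,
    CASE
        WHEN u.ID IS NULL THEN 'no row in wp_users (candidate invisible user)'
        ELSE 'listed in wp_users'
    END AS status,
    um.meta_value
FROM wp_usermeta AS um
LEFT JOIN wp_users AS u
       ON u.ID = um.user_id
WHERE um.meta_key = 'wp_capabilities'
  AND um.meta_value LIKE '%"administrator"%'
ORDER BY (u.ID IS NULL) DESC, um.user_id;

-- 2) For each user_id that no longer exists in wp_users, count all leftover
--    wp_usermeta rows and list their keys, so none are missed during cleanup.
SELECT
    um.user_id,
    COUNT(*) AS leftover_rows,
    GROUP_CONCAT(um.meta_key ORDER BY um.meta_key SEPARATOR ', ') AS meta_keys
FROM wp_usermeta AS um
LEFT JOIN wp_users AS u
       ON u.ID = um.user_id
WHERE u.ID IS NULL
GROUP BY um.user_id
ORDER BY um.user_id;
```

Rows marked 'listed in wp_users' still deserve a look: any administrator you do not recognise there is a visible account rather than an invisible one.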