How To Remove Hidden Admin Users In WordPress [Working Method] - WebSecuritySpecialist

Friday, 2 October 2015

How To Remove Hidden Admin Users In WordPress [Working Method]


We was working on Malware Removal Project from a server where 200+ WordPress Websites are hosted.
We scan the whole server for the malwares and remove them manually from some websites which are infected.
While implement the security to these website we found some of the websites have hidden admin users.
Then we search for the solution in google but didn't find any working solutions.
After a Long time after keep trying on my localhost we found the working solution for it.

Follow the steps -

Go phpmyadmin and login to the database.

Now You need to check the users ID of your login Suppose - Username is - "Deepanshu" and
ID is - "21"

You can found the User ID in wp-users table.

Now Run the SQL Command -
SELECT DISTINCT(`user_id`) FROM `wp_usermeta`
You will See there are a lot of id list there along with the your user id which is "21" If Yes - Now We need to remove them. Now again Run the SQL query -
delete from `wp_usermeta` where `user_id` not in ('21')
This Will Delete all the hidden admin users from your wordpress.

Now you can check inside admin panel - Dashboard - > Users Only 1 Admin User will exit. :)

No comments:

Post a Comment