If you find yourself the victim of repeated hacking into your WordPress blogging platform, try deleting your Admin account and establishing a new account with a different name. Hackers often try to guess the passwords of CMS and software account names. The Admin account name is the WordPress default and as such is the most targeted for hacker attempts. Delete it and a part of your problem goes away.
Notice that I said “a part”. Deleting the Admin account won’t solve all of your problems, but if your hacker is using the tactic that was prevalent with the 2.8.3 version of WordPress then it is likely that your Admin account will be a target of a hacker attempt.
- Delete all suspicious-looking Subscriber accounts in your Admin user area
- Delete any account using the username Admin or a variant
- Set the security settings to all of your folders, in the cPanel area of your hosting account, to Read – uncheck the Write option
It’s important, if you are deleting accounts – especially the Admin account – to move all posts made under that account name to another account holder. So set up an alternative account under a different username before you delete your Admin account. And use a password for all of your accounts that is difficult to guess. No single name passwords. Add some capital letters, special characters, and make it long.