After my blog got hacked I was fixing many of the holes in my site and that time I saw one strange thing in WordPress Users page. The Users page showed Administrators count as 2 but only one administrator was listed below and it was me. I never created two administrators for my blog. Then after searching about this problem I understood that the hacker has added him as the invisible admin. In the below screenshot you can see what I am talking about.
To detect invisible users, whatever the role might be, you need to login to your phpMyAdmin section in cPanel and have to run some SQL queries.
Finding Invisible Administrators
- Login to cPanel.
- Go to phpMyAdmin.
- Login using your database credentials.
- Select you site’s database on the left side. Doing so you will see a page with big table containing wp_posts, wp_users and more.
- Click the SQL tab at the top. You will be shown a big box with title “Run SQL query/queries on server…” where you can paste the below code.
- Paste the code and hit Go. You will be shown a list of users if present under that Role. You can now easily delete that invisible user.
SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%administrator%';
Finding Invisible Editors
- Login to cPanel.
- Go to phpMyAdmin.
- Login using your database credentials.
- Select you site’s database on the left side. Doing so you will see a page with big table containing wp_posts, wp_users and more.
- Click the SQL tab at the top. You will be shown a big box with title “Run SQL query/queries on server…” where you can paste the below code.
- Paste the code and hit Go. You will be shown a list of users if present under that Role. You can now easily delete that invisible user.
SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%editor%';
Finding Invisible Authors
- Login to cPanel.
- Go to phpMyAdmin.
- Login using your database credentials.
- Select you site’s database on the left side. Doing so you will see a page with big table containing wp_posts, wp_users and more.
- Click the SQL tab at the top. You will be shown a big box with title “Run SQL query/queries on server…” where you can paste the below code.
- Paste the code and hit Go. You will be shown a list of users if present under that Role. You can now easily delete that invisible user.
SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%author%';
Finding Invisible Contributors
- Login to cPanel.
- Go to phpMyAdmin
- Login using your database credentials.
- Select you site’s database on the left side. Doing so you will see a page with big table containing wp_posts, wp_users and more.
- Click the SQL tab at the top. You will be shown a big box with title “Run SQL query/queries on server…” where you can paste the below code.
- Paste the code and hit Go. You will be shown a list of users if present under that Role. You can now easily delete that invisible user.
SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%contributor%';
Finding Invisible Subscribers
- Login to cPanel.
- Go to phpMyAdmin.
- Login using your database credentials.
- Select you site’s database on the left side. Doing so you will see a page with big table containing wp_posts, wp_users and more.
- Click the SQL tab at the top. You will be shown a big box with title “Run SQL query/queries on server…” where you can paste the below code.
- Paste the code and hit Go. You will be shown a list of users if present under that Role. You can now easily delete that invisible user.
SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%subscriber%';
If you’re not using wp_ prefix then change it in the code.