Thanks for the info. If you are getting rid of them via phpmyadmin then there is stuff in the usermeta table that you should also be deleting, otherwise some future users could find themselves with admin rights!
Cheers Steve Elbows --- In videoblogging@yahoogroups.com, Michael Verdi <michaelve...@...> wrote: > > If you haven't heard yet, there is an attack happening on all versions > of Wordpress except the newest - 2.8.4. So you should upgrade your > installations. The thing that I noticed on ALL of my sites that were > not already running 2.8.4 was that they had hidden admin users on > them. The sneaky thing about that is that you may not have any other > symptoms besides these hidden accounts and then think you are safe > once you've upgraded. The are, essentially, back doors left on your > site to be exploited later. So you have to make sure to get rid of > them. The process is a little tricky at least it's not a typical > WordPress user operation so I've documented two ways to do it in this > screencast. > <http://reports.graymattergravy.com/2009/09/06/remove-hidden-admin-users-in-wordpress/> > > - Verdi > > -- > Michael Verdi > http://milkweedmediadesign.com > http://michaelverdi.com >
