Reset WordPress admin users to limit access

I have a client with a WordPress website currently hosted on SiteGround. They are worried that someone else has access to their WordPress admin user account (only one user I can see in the back end) and also possibly their SiteGround account.

I wanted to suggest just changing the passwords for both of these sites, but wanted to confirm: would this be enough? Or should I create a new full admin account in WordPress and then delete the other altogether?

Is there a guaranteed way to remove any possible access to everyone but the client?



In principle, just resetting the password, plus invoking "Log out everywhere else" on the user profile, should be enough to keep out a benign user who knows the password. Reset the web host customer password, including any associated FTP account password. Use strong and unique passwords.

But in case any unknown, possibly malicious user may have had wp-admin, hosting account or FTP access, a backdoor may have been introduced through PHP code. In that case the site must be regarded as hacked. See https://wordpress.org/support/article/faq-my-site-was-hacked/

Any custom PHP code should be reviewed to rule out a backdoor, plus WordPress itself and all plugins/themes reinstalled from scratch. This is not trivial and requires an expert.
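A first triage pass for the backdoor check described in the answer above, as an added example that is not part of the original answer: it compares the site's core files against a fresh copy of the same WordPress release and lists PHP files under the uploads directory. The function names and the two directory arguments are assumptions, and a clean report says nothing about plugins, themes, custom code or the database, which still need the review and reinstall the answer calls for.

```python
import hashlib
import sys
from pathlib import Path

SITE_SPECIFIC = {"wp-config.php", ".htaccess"}  # differ per site; review by hand
PHP_EXT = {".php", ".phtml", ".phar"}


def core_files(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file outside wp-content."""
    files = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if not p.is_file() or rel.parts[0] == "wp-content":
            continue
        if rel.as_posix() not in SITE_SPECIFIC:
            files[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return files


def triage(site: Path, clean: Path) -> dict:
    """Compare a live site with a fresh copy of the same WordPress release."""
    live, ref = core_files(site), core_files(clean)
    uploads = site / "wp-content" / "uploads"
    php_in_uploads = []
    if uploads.is_dir():
        # Uploads should hold media, not server-side scripts.
        php_in_uploads = sorted(
            p.relative_to(site).as_posix()
            for p in uploads.rglob("*")
            if p.is_file() and p.suffix.lower() in PHP_EXT
        )
    return {
        "modified": sorted(f for f in live if f in ref and live[f] != ref[f]),
        "unexpected": sorted(f for f in live if f not in ref),
        "missing": sorted(f for f in ref if f not in live),
        "php_in_uploads": php_in_uploads,
    }


if __name__ == "__main__":
    # Usage: python triage.py /path/to/site /path/to/clean-wordpress
    report = triage(Path(sys.argv[1]), Path(sys.argv[2]))
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it on a downloaded copy of the site rather than on the live server, and treat every listed path as something to inspect by hand.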
