WP Site Hacked – Hidden Admin

Our wordpress website was recently hacked, and there was a hidden “Administrator” that we could not delete.

We searched through the root directory for files that had recently been changed in an attempt to find a way to delete this phantom administrator.

WP Solution to Hacked – Hidden Admin

Here’s how we fixed it:
1) Back up the wp database
2) Backup the whole website including image files, plugins, and the theme files
3) backup the wp-config.php file
4) delete all the WP folders and files
5) create new mysql DB file with new username and password
6) change cpanel password
7) install new version of WP
8.) config new wordpress website
9) delete all tables in newly created database
10) change the name of the previous database to be the same as the new database
11) import the old database into the newly created database
12) search the new database for the wp-users table – still no sign of the hidden admin user
13) identified our admin user ID number (which in this case was ID=2) and changed it to ID=1
14) back in WP dashboard we see listed administrator(1) and subscriber(1+ existing number of subscribers)
15) back in Database we identified the “new” subscriber in the wp-users table and deleted our phantom “admin” user
16) – did a search in cpanel/file manager and found that they had added .htaccess files everywhere – in wp-includes folders and plugins folders

Hope this helps someone and saves them the four hours we spent in fixing up the hacked website!!