‘admin’ Brute Force Bot:
I logged into my website and discovered that there was a new user called ‘admin’ within my users. This ‘admin’ account had subscriber status. The first thing I did was delete the account and all the content… low and behold, my entire site lost its content. Therefore, the new account (with subscriber status) created by an online bot was able to attribute all of my pages, posts, and anything else that was owned by my managing account.
1. do not allow the user account ‘admin’ to attempt logons.
2. A plugin that will disable this is called ‘iTheme Security Pro’ through their local brute force settings.
3. backup your site’s database daily or weekly