In principle, just resetting the password, plus invoke the “Log out everywhere else” on the user profile, should be enough to prevent benign user knowing the password. Reset the web host customer password, including any associated FTP account password. Use strong and unique passwords.
But, in case any unknown, possibly malicious user, may have had wp-admin, hosting account or FTP access, a backdoor may have been introduced through PHP code. In that case the site must be regarded hacked. See https://wordpress.org/support/article/faq-my-site-was-hacked/
Any custom PHP code should be reviewed to rule out a backdoor, plus wp itself and all plugins/themes reinstalled from scratch. This is not trivial, requiring an expert.
Related Posts:
- Create un-removeable user
- Is there a way to have admins that are logged in to wordpress not have to enter the password for password protected pages while browsing the website?
- Two admins in Users and one in the database?
- When admin changes a password for a registered user, I don’t want to send a password change email to users
- How to change the User name and Password of admin account
- Admin Ajax is returning 0
- Add a Separator to the Admin Menu?
- Adding a custom admin page
- Disable user registration password email
- Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
- Custom admin email for new user registration
- Make A WordPress Page Accessible To Admins Only, Redirect Other User Roles
- localhost/wp-admin on my local redirects to production site’s /wp-admin
- A similar hook as wp_head for the admin area
- How do I set up a webhook?
- Hide allow trackbacks/pingbacks
- How to retain HTML5 Attributes on Markup
- Gallery Settings Change available Columns
- Reseting admin password through PHPMyadmin fails
- wordpress upload http error?
- Dynamically Set WordPress Post Title To The Category Name
- Add Admin User via SQL
- Add number new posts (post_status = pending) to administration menu [duplicate]
- How to remove Gravatar from Username column
- Page only shows when user is logged in (even with visibility set to public)
- I keep getting logged out in Firefox
- get_template_part in admin
- Why Jetpack is missing the “Feedbacks” menu item? [closed]
- Getting the different post statuses + count like in edit.php, in a custom submenu page
- What is the optimal way to filter out subpages from admin?
- Create a Meta Box in the Admin User Screen?
- Send email to Admin when user/member updates specific user/member data
- Help with shortcode in admin-ajax [closed]
- Protect custom php file with login
- Remove the whole menu in the admin
- disable admin-bar search field for specific roles
- Change top level menu item to point to custom submenu item
- Change admin logout URL
- Link to post author but exclude administrator (on single.php)
- Default admin color scheme as “blue”
- Don’t attribute content to admin users
- Can user #1 (the initial user) be deleted without ill effect?
- wp-admin post.php JavaScript Links Not Working
- Remove duplicate product link from WooCommerce Page Row Actions
- How to set default editor tab
- Admin Taxonomy Terms – Orderby Term Field
- How do I add an admin notice within javascript in the admin interface for posts?
- Admin toolbar shows up when not logged in
- Make the Status, Visibility, or Date fields opened by default in the Publish box
- WordPress Admin Login Redirect Problem
- Attachment display settings only allows “full-size”
- Admin option sidebar count
- 500 internal server error on wp-admin only
- Admin Top Bar Not Showing On Front End
- WordPress administration Over SSL – To Force SSL Logins and SSL Admin Access
- Only Admin can Edit, Delete or Update
- Set Edit Post meta boxes inactive
- How to verify nonces in bulk?
- Getting admin notices to appear after page refresh
- Customize retrieve password message
- Hide post title input for all roles except admin
- How to activate the dashboard
- avoiding the display of certain categories to certain user roles at content entry time
- hide elements of admin with css file
- WordPress Hacked 5.5 admin-ajax.php [closed]
- Excerpt showing under title in admin columns
- how to remove +new from wp admin area
- html id is removed for non admin user?
- Given multiple admin accounts, how can I make it so that only admin with X username can edit posts
- Dynamic WordPress Admin Panel
- How to show a custom notification to a specific user?
- Visual Editor only working for the admin user
- Control Users listed in Users List on dashboard
- Weird jquery problem when upgrade to WordPress 3.1
- Maintenance mode excluding site administrators
- my wordpress configuration locally vs live server
- Admin back end – get URL of file using file browser
- Unable to edit my “Administration Email Address” after mySQL editing?
- Why does my admin email address keep changing to something random?
- WordPress Admin Doesnt work
- Sending Reset Password email via Web API
- WordPress – add help text under category list(right side) in post edit page
- Problem with login / reset password links in users emails
- Cannot access wp-admin after installing SSL – user capabilities not being set
- Where to store publicly-accessible files
- Show only content in page after action click in WordPress admin
- WordPress4.1.15 Dashboard links not working
- Admins loggin in to our wordpress site default to the admin page
- Display Graphs in Admin Pages
- ‘Conflict’ with action deleted_post and is_admin()
- Downloading file from wp-admin folder
- Dropdown list of available posts for post editing
- Custom styles and scripts for specific admin screen
- Add Sort Link in Custom Post Type List
- TinyMCE buttons broken
- local WAMP admin user has lost privileges
- Is it possible to get rid of admin new updates notifications?
- WordPress 4.5 Inline Link Toolbar not working on custom wp_editor instance
- Cant enter admin page with SSL
- Better way to change the default password reset url with the woocommerce one?