Replies: 0
Please forgive. This is quite long to explain.
I had a strange thing happen today while updating plugins and WP core on my site. I had deleted all old plugins and installed All in one WP Security. Everything is up to date and working well.
I was also logged in to my cPanel, deleting old files etc. so was working in browser tabs. (Firefox)) Within a half hour When I was in my WP tab I had a notification from aiowp that there were TWO Users currently logged in!
NO! it should only be me! But the 2nd user had the same user name. Both were my own WP user-name (it is NOT admin). However the IP was different, in fact it was the ip of my website. I was able to force the second user to log out immediately and then I logged out myself and cleared the cache and cookies.
I asked my host to scan the site for unusual activity and signs of malware but they found nothing. I am grateful for the warning but I am still worried.
I am hoping that this was strange behaviour by AIOWP and maybe there were not two people logged in.
So my Question is this.
Can someone log in to my website using my own website server’s IP and has anyone heard of this happening before? If so, what can I do to stop it happening again?
Thanks, I hope this is not too confusing.
I have ticked, ‘This is not a support question’ because I think it is maybe only asking for an opinion – I did not want to imply there is anything wrong with the plugin, but I would like to know whether it is a dangerous situation or not.