{{> header.html page_title="Administrator Account Audit" header_widgets="" }} {{> threat/free_common.html }}
{{> threat/nav.html }}

Admin and database persistence audit

Not every compromise lives in files. Attackers also create rogue administrator accounts, issue application passwords, keep stolen sessions alive, and hide persistence inside the database. BitFire PRO audits those access and database layers for takeover indicators.

Why this tab matters: a site is not clean if the attacker still has admin access or if a hidden database trigger can rebuild the compromise later. BitFire PRO helps you review privileged users, application passwords, sessions, and suspicious database objects from one place. Purchase PRO to unlock the live audit.
{{#db_error_visible}}
Database connection unavailable

Unable to query admin users. The audit cannot run without database access — re-open this page from the WordPress admin dashboard.

{{/db_error_visible}} {{^db_error_visible}}
Site-wide Preview only — access and database checks below are listed as not checked
Live actions are unlocked in BitFire PRO.
Administrators
{{+ user_count }}
total admin accounts
Suspicious
not checked
preview mode
Disabled
not checked
preview mode
App Passwords
{{+ ap_total_count }}
issued across all admins
Active Sessions
{{+ session_total_count }}
live admin browser sessions
Accounts

Administrator accounts {{+ user_count }}

Each row is a user with the administrator role. This preview shows the administrator accounts BitFire can read, but does not score them yet.

{{#users_empty_visible}}

No administrator accounts found.

The user table is reachable but contains no admins.

{{/users_empty_visible}} {{#users_has_visible}}
{{ template:user_row "data" }} {{ end template }} {{ render:user_row "users" }}
User Registered Last login App pw Status
{{- data.login }}
{{- data.email }}
 {{- data.registered_short }} {{ data.last_login_source_html }} {{ data.ap_html }} Status: not checked
{{/users_has_visible}}
{{#ap_section_visible}}
App passwords

Application passwords {{+ ap_total_count }}

Application passwords allow REST API access without the user's real password. This preview lists the application passwords BitFire can read, but does not score them yet.

{{ template:ap_row "ap" }} {{ end template }} {{ render:ap_row "app_passwords" }}
User Password name Created Last used Status
{{- ap.login }} {{- ap.name }} {{- ap.created }} {{- ap.last_used }} Status: not checked
{{/ap_section_visible}} {{#sessions_section_visible}}
Active sessions

Active admin sessions {{+ session_total_count }}

Each row is one live browser session belonging to an administrator. This preview lists the sessions BitFire can read, but does not score or revoke them yet.

{{ template:sess_row "s" }} {{ end template }} {{ render:sess_row "sessions" }}
User IP Location Logged in Expires
{{- s.login_user }} {{- s.ip }} {{- s.geo }} {{- s.logged_in }} {{- s.expires }}
{{- s.ua_full }}
{{/sessions_section_visible}}
Database

Triggers, events & routines {{+ db_object_count }}

WordPress never creates database triggers, scheduled events, stored procedures, or custom views. This preview lists the database objects BitFire can read, but does not score them yet.

No triggers, events, routines, or not checked.

{{/db_error_visible}}

Unlock the admin audit in BitFire PRO

Purchase BitFire PRO to review administrator accounts, application passwords, live sessions, and suspicious database objects that can keep a compromised WordPress site under attacker control.

Recommended after any confirmed breach, unknown admin appearance, or unexplained access recurrence.
Purchase BitFire PRO