A hacker with the address [redacted] keeps registering admin accounts on all of our Wordpress sites. They’re bypassing the admin area, and the accounts don’t even show up there.
Our sites are using different themes and different plugins, but the same guy keeps getting into all of them. The last time we had an issue like this, they found a way to get in through Cloudflare.
I’m trying to figure out if that’s what’s happening again, or at least find a way to rule Cloudflare out.