If you suddenly notice one day that multiple users have been added to the site where there was only one administrator. A hacker may have added a user for hacking.
Reasons for sudden increase in users
If you don’t remember adding a user at all, your WordPress administrator password may have been leaked by hacking.
This increased number of users may be a backdoor where various WordPress alterations are made.
WordPress in this state can be used for various hacking activities, such as redirect hacks or spam sending or SEO hacks etc.
What should I do?
You can check if WordPress has been tampered with online at Sucuri Sitecheck .
It is also possible to detect 3,000 alteration patterns with our malware scanner.
WordPress Doctor Malware Scan & Security Plug-in