One of the biggest nightmares for Joomla administrators is that someone adds a new account with administrative privileges. This way, the attacker will be able to access to the entire website without restrictions.
There are many ways to do this:
Then, someone logs into the backend:
And a super user is created!
To prevent this situations I have added a new feature to Securitycheck Pro: Forbid new admin accounts:
With this option enabled no new accounts with administration privileges will be created, even if someone uses this kind of tricks. We will also be notified about this with a log entry:
Other extensions only check accounts created using the Joomla backend, so they won't be able to detect cases like this.