Count and display number of WordPress users in your Dashboard

Show the number of registered WordPress users in a At-a-Glance widget. This is particular handy as an indicator of compromise (IoC), when a hacker has registered numerous new users in your WordPress database for spam purposes.
Published on Tuesday, 12 May 2020

Screenshot by Jan Reilink

Often when a WordPress site is compromised, the website owner doesn't notice anything strange at first. First a lot of users are created, and it's only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that's what this little plugin does.


Show the number of registered WordPress users in a At-a-Glance widget

Suppose your WordPress site has two registered users, and every time you log on to your Dashboard, you see "2 users registered" in the At a Glance Dashboard widget. Wouldn't that be nice? When that number increases to three, four, ten, a hundred, then you know something is wrong.

Sweet :)

For my Dutch readers, also see my ITFAQ.nl post Twee handige WordPress filters en actions.

Count WordPress Users plugin

The plugin to count registered WordPress Users is a small, one .php file + one .css file, plugin. It performs one database call (MySQL query) for every page load on WordPress' Dashboard index.php file. It's not perfect yet.

All that really is needed, is a query for the number of users:

$wpdb->get_var(
  "SELECT COUNT(*) FROM $wpdb->users"
);

WordPress has the count_users() function for this, the SELECT above is a bit simpler. So let's wrap this in a plugin file.

you don't need an extra plugin for this. You can always copy/paste the relevant code parts into your own site-specific plugin or functions.php file.

<?php
/**
 * Plugin name: WP Count Registered Users
 * Plugin URI: /posts/wp-count-registered-users/
 * Description: Counts the number of registered WordPress users in your database's prefix_users table. It displays the total in the At A Glance widget in the WordPress Dashboard. This is particular handy as an indicator of compromise (IoC), when a hacker has registered numerous new users in your WordPress database for spam purposes.
 * Author: Jan Reilink
 * Author URI: https://www.saotn.org
 * Donate URI: https://www.paypal.me/jreilink
 * Text Domain: wpcount-registered-users
 * Version: 0.1
 */

if( ! defined( 'ABSPATH' ) ) {
  exit;
}
add_action( 'admin_enqueue_scripts', 'enqueue_admin_style' );

function enqueue_admin_style ( $hook_suffix ) {
  if ( "index.php" === $hook_suffix ) {
    $plugin = get_plugin_data( __FILE__ );
    wp_enqueue_style(
      'number-registered-users',
      plugins_url( 'includes/admin-page.css', __FILE__ ),
      null,
      $plugin[ 'Version' ]
    );
  }
}
add_action( 'dashboard_glance_items', 'custom_glance_items', 10, 1 );

function custom_glance_items( $items = array() ) {
  global $wpdb;
  $results = $wpdb->get_var(
    "SELECT COUNT(*) FROM $wpdb->users"
  );
  if( $results ) {
    $items[] = sprintf(
      '<span class="%1$s">%2$s</span>',
      'users-count',
      __( $results . ' users registered', 'wpcount-registered-users' ),
    ) . "\n";
  }
  return $items;
}

Delete spam comments after three (3) days

This is the CSS to display a (users) groups Dashicon. Add this to includes/admin-page.css:

#dashboard_right_now .users-count:before {	content: "\f307";}
  1. don't use this where you expect an arbitrary increasing number of users can register on a daily basis, like a forum or membership site.
  2. there seems to be a limit of 6 items in the At a Glance widget. If the it doesn't show up as below, and you already have six items there, try to deactivate a plugin that has its information there.

Once activated, this is how it looks in At a Glance:

Show the number of registered WordPress users in the At-a-Glance widget in the Dashboard

Check WordPress Core files integrity

Create a Dashboard Widget for this

Unfortunately I can't confirm there is a six items limit in the At a Glance widget, so let's create our own Number of Registered Users widget in WordPress' Dashboard. Here is how to create your own custom Dashboard widget for WordPress.

Simply use the following code as plugin, in a site-specific plugin or theme's functions.php file:

<?php
/**
 * Plugin name: Number of Registered Users
 * Plugin URI: /posts/wp-count-registered-users/
 * Description: Counts the number of registered users in your WordPress site and displays the total in a custom WordPress Dashboard widget. This is particular handy as an indicator of compromise (IoC), when a hacker has registered numerous new users in your WordPress database.
 * Author: Jan Reilink
 * Author URI: https://www.saotn.org
 * Donate URI: https://www.paypal.me/jreilink
 * Text Domain: wpcount-registered-users-widget
 * Version: 0.1 */

if ( ! defined( 'ABSPATH' ) ) {
  exit;
}
add_action( 'wp_dashboard_setup', 'saotn_dashboard_widgets' );

function saotn_dashboard_widgets() {
  global $wp_meta_boxes;
  wp_add_dashboard_widget( 'saotn_widget', 'Number of registered users', 'saotn_dashboard_noru');
}

function saotn_dashboard_noru() {
  echo '<p><span class="dashicons dashicons-groups"> </span> '. saotn_count_users() .'</p>';
}

function saotn_count_users() {
  global $wpdb;
  $result = $wpdb->get_var(
    "SELECT COUNT(*) FROM $wpdb->users"
  );
  if( $result ) {
    $output = __("There are ${result} users registered in your WordPress site", "wpcount-registered-users-widget" );
    return $output;
  }
}

And this is what it looks like:

Custom WordPress Dashboard widget showing the number of registered users

See the Dashboard widget API documentation for more information

PS: I'm not in the creating WordPress plugins business. I just like to show you how things are done (or can be done). So don't expect this to be released to the WordPress Plugin Directory. If you decide to use my code for your own plugin, please show some credit :-) There may be errors in the code.

HTH!