Blogs are hacked HELP!
-
Apparently my blog readers are getting a spam email from me (saying I’m stranded in a foreign country and need money) that is clearly NOT ME. It may have started with a hacked ATT email account and then spread out to anyone who is a reader of my blogs. Can you help me??? I guess the hackers knew everyone at WordPress was going on vacation. Maybe someone hanging around the forum has some suggestions? The comments I’m getting in return are downright embarrassing for a little old lady.
-
re: hacked accounts and blogs
If anyone is posting anything to your blog or removing anything from it, or changing anything in it, or if your blog has been deleted and you did not delete it, then it’s most likely that you have provided them with the ability to do so, either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.
For you, the question that needs to be answered is: Who, aside from me, has access to my login information?
Go to your email program immediately and change the password to a very difficult one because that’s how many hackers gain access to blogs. Contact your email provider if required.
Companies, organizations and groups of any kind do not own sites. Sites are solely owned by the WordPress.COM username account that registers them and who is the original Admin of the site. Only one Admin per site is recommended for exactly this reason: Nothing related to site-administration is off-limits for Administrators, including deleting the entire site. https://en.support.wordpress.com/user-roles/#administrator
Read > http://en.support.wordpress.com/security/
Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
You can also reset your password via your Settings tab on the WordPress.com home page:
http://wordpress.com/#!/settings/
Disable post by email https://en.support.wordpress.com/settings/email-post-changes/
If applicable see Removing Users https://en.support.wordpress.com/user-roles/#removing-users Note that only one Admin per site is recommended for exactly this reason https://en.support.wordpress.com/user-roles/#administrator
Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages,” and click Save Changes.
Use two step authentication http://en.support.wordpress.com/security/two-step-authentication/
Run a security scan on your computer. See here to run a security scan http://geekflare.com/online-scan-website-security-vulnerabilities/
Never leave your computer logged into your blog and walk away from it. Always log out properly.
Also, be aware that Staff have records of who did what under which username and login information and when they did it. I flagged this thread with modlook for a Staff follow-up. Please subscribe to it so you are notified when they respond. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it. Note that there is a backlog and be patient while waiting.
-
Thank you so much for helping. I was on the phone with some blog readers assuring them I’m fine.
No one has access to the blogs except me. As far as I know. I figured out this is happening because I get email notification of all comments and likes through email. This has put all comment email addresses into my email contacts. All the way back to 2013. Thankfully most of my readers know I don’t leave home and are not going to send money anywhere. The replies I get from those who think I’m a spammer are very se-ually explicit and embarrassing. I don’t know whether to blush from embarrassment or laugh at the thought of such contortions of a body.
So far this is what I’ve done. I’ve deleted all contact information from my email. I’ve changed my email password. I’m in the process of changing my WordPress password. I’m deleting all forum memberships and will sign up again with a new email account. Except this forum. I need to change my email address but I’m not sure how to do that for WordPress.
Ok, now I’m going to go through the steps you emailed me. Thank you again for the help.
-
Hi there,
If someone gained access to and is sending spam from your email account there’s nothing we can do about that as we are not your email provider. I also see no evidence of unauthorised access to your WordPress.com account. The emails are not being sent from your WordPress.com site, they’re being sent from your email account to your email contacts. The fact that those contacts are also readers of your blog is a coincidence.
I recommend you immediately update your email password and enable two factor authentication, and also change the password of every other online account you have connected to that email, as the hacker could have used your email account to reset the password of any of your other accounts.
-
Thanks for taking time to offer help. I’ve been changing all my passwords.. Everywhere. I knew this wasn’t anything WordPress could control. I was hoping someone had a suggestion for how to fix/prevent the problem. My simple fix will be to stop all email notifications. I’ll check the comments only while signed into my blogs. That way no email addresses end up in my email contacts. Thank you again.
-
Disabling email notifications is your call, but it doesn’t address the real issue – someone gained unauthorised access to your email account. You need to take steps to secure your email like setting a very long pass phrase and enabling two factor authentication if your email provider supports it. If they don’t support 2FA, I recommend you get a new email provider as your current one clearly doesn’t care about security if that’s the case :)
- The topic ‘Blogs are hacked HELP!’ is closed to new replies.