delete my blog the security at WordPress is beyond pathetic
-
My blog has been hacked. I am being notified of Posts I’ve made that I did not make. I want the blog deleted.
The blog I need help with is: (visible only to logged in users)
-
That’s interesting. I have been here for over 8 years and predate almost every staff member but one being on support staff. What I have observed is that the only time blogs are hacked is when bloggers fail to follow security protocols and make it easy for hackers.
If anyone is posting anything to your blog then it’s most likely that you have provided them with the ability to do so either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.
Who, aside from you, has access to your login information?
Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs
Read > http://en.support.wordpress.com/security/1. If you can log-in go here > Users > All Users and delete any user that does not belong there.
2. Disable post by email > http://en.support.wordpress.com/post-by-email/
3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/
4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
You can also reset your password via your Settings tab on the WordPress.com home page:
http://wordpress.com/#!/settings/5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.
P.S. I flagged this thread for Staff help. Please confirm the URL of the blog you are referring to if you have not already done so.
-
Note also that people whine in the forum when WordPress.COM insists on a long password –
you can also enable two factor login – that is where a text message is sent to your cell phone and the code needs to be also used as a second part of the log-in –
you seem to have post by email enabled – disable that at once
-
Typical kiss ass reply. My blog has not been used by me in 3 years but all my passwords are military grade rncryption logarithms. So don’t lecture me about lax security on my part. There is more than enough evidence in the public domain to confirm Word Press’ complicity!!!!!!!
-
@penobscot
Note that Staff work their way forward through threads and tickets chronologically as would be expected. They will respond to this thread as soon as they make their way through the threads and tickets that were tagged or submitted previous to this one.Note also that I do not post kiss ass responses into any thread and I don’t have to take abuse from anyone. I am a Volunteer. I post polite and correct responses, and if I choose to remove the modlook tagging then your thread will fall like a stone right off the Staff radar, so don’t breach the forum code of conduct by getting personal again please.
We love positive and productive discussions, so please keep comments on the topics at hand and not on other members of the community. Thanks!
-
Yes you will find thousands of forum threads all over the internet “my WordPress site was hacked” – and they are WordPress.ORG installs – bad plugin’s, bogus themes, bad base web site maint. – failure to keep software up to date
For more on the difference: http://support.wordpress.com/com-vs-org/
there are TWO flavors of “WordPress” if you are not aware of that simple fact – see the link above
but as @TT has noted – in my four years or so here in the forum the only “hacked” sites have been the ones where someone got the login info or had access to a computer that was logged in –
and is seems that two of the posts I saw were posted by email – the only protection is to keep the email address secret – there is no password on that option – which is why we recommend caution on it – someone could have gotten the address from your email address book –
so rather on say it is not your fault – how about deleting the post by email option and change the password to a new “military grade password”?
all quick and easy to do – then wait for staff to look at your blog – there are some bread crumbs and logs that you don’t have access to that the staff can access
-
It looks like timethief and auxclass have given a pretty good overview of our security. You can always delete your sites by following these steps:
If you’d like to secure your site from these fraudulent posts, but keep the site, turn off the Post by Email function. I took a look at our logs and I can tell from the email we received that your current Post by Email address has ended up on a spammer’s list. Here’s how you can disable that:
If you’d like to maintain your account and make sure its completely secure, you should enable two step authentication.
And in this instance I would suggest you update your password. I understand that you’ve chosen a strong password, however every password can be cracked with time and its good practice to update all of your passwords on a regular basis.
Let me know if there’s anything else I can help with!
-
Also, disable Post By Email.
If you cannot figure out how to delete the spam posts, I highly doubt you can use military-grade encryption.
- The topic ‘delete my blog the security at WordPress is beyond pathetic’ is closed to new replies.
WordPress.com Forums 