My account was hacked

• 

  glamperanairstreamdiary · Member · Oct 1, 2013 at 8:35 pm

  • Copy link
  • Add topic to favorites

  I believe my wordpress blog was hacked. An email went out to all of my followers and had a link on it and it was spam. What do I do? I just changed my password but, is there anything else?

  The blog I need help with is: (visible only to logged in users)

• 

  glamperanairstreamdiary · Member · Oct 1, 2013 at 8:35 pm

  • Copy link

  I believe my wordpress blog was hacked. An email went out to all of my followers and had a link on it and it was spam. What do I do? I just changed my password but, is there anything else?

• 

  timethief · Member · Oct 1, 2013 at 8:37 pm

  • Copy link

  If any person or any bot is posting anything to your blog then you have provided them with the ability to do so either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.

  Who, aside from you, has access to your login information?

  Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs

  1. If you can log-in go here > Users > All Users and delete any user that does not belong there.

  2. Disable post by email > http://en.support.wordpress.com/post-by-email/

  3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/

  4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password

  5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.

  6. Set up two step authentication http://en.support.wordpress.com/security/two-step-authentication/

  Then read this please knowing that blogs don’t get hacked when security protocols are followed. > http://en.support.wordpress.com/security/

  P.S. I flagged this for Staff follow-up.

• 

  raincoaster · Member · Oct 1, 2013 at 8:37 pm

  • Copy link

  Yes. Change your EMAIL password, and disable Post By Email. Also, are you the only admin of that blog? If not, talk to the others and have them do the same.

• 

  glamperanairstreamdiary · Member · Oct 2, 2013 at 6:46 pm

  • Copy link

  I changed my password yesterday and the Post by Email has never been enabled. Now again today another spam email has been sent out. What can you do to stop this?? What else can I do??

• 

  rachelmcr · Member · Oct 7, 2013 at 10:06 am

  • Copy link

  Hi there,

  You mentioned that a spam email went out to your blog’s followers. I just checked your blog and don’t see any history of spam blog posts being posted on your blog, and there isn’t any evidence that your account was hacked. However, I did notice some spam comments on your blog. If your blog’s followers are subscribed to comments, they may have received emails when those comments were posted.

  You can manage your comments and remove spam comments by following this guide: Manage Comments

  If a lot of the spam comments have a common string of text, I suggest adding that string to your blacklist:
  http://en.support.wordpress.com/settings/discussion-settings/#comment-blacklist

  You can use the comment author’s name, IP address, web site, as well as the comment itself. Please make sure the word is not something contained in non-spam comments. For example, if you enter “press” as a blacklisted word, “WordPress” will match.

  Also, please mark those comments as spam instead of just deleting. Our Akismet anti-spam engine tries to learn from a pattern of the comments that are marked as spam.

  Please let me know if you have any questions or concerns about this!

• 

  raincoaster · Member · Oct 7, 2013 at 10:36 am

  • Copy link

  And (for the third time) change your EMAIL password as well.

• 

  mmsparentpress · Member · Oct 8, 2013 at 10:55 pm

  • Copy link

  The same thing happened to my blog this morning.
  http://mmsparentpress.wordpress.com/
  I deleted the fraudulent post, but want to know how it happened. I already had a difficult password (and since have changed it to another difficult one)
  It does appear to be from email, but can’t be sure…

• 

  timethief · Member · Oct 8, 2013 at 10:57 pm

  • Copy link

  @mmsparentpress
  Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs

  1. If you can log-in go here > Users > All Users and delete any user that does not belong there.

  2. Disable post by email > http://en.support.wordpress.com/post-by-email/

  3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/

  4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password

  5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.

  6. Set up two step authentication http://en.support.wordpress.com/security/two-step-authentication/

  Then read this please knowing that blogs don’t get hacked when security protocols are followed. > http://en.support.wordpress.com/security/

• 

  rachelmcr · Member · Oct 9, 2013 at 4:50 am

  • Copy link

  @mmsparentpress – It looks like a spam post was posted to your blog via your secret Post by Email address. Anyone who knows that address can post to your blog.

  You can either turn off Post by Email or generate a new secret address by following this guide:

  Post by Email

  Please let me know if you’d like any further help with that!