My account was hacked and they're editing my site.
-
Some little freak hacked my account. I logged out and logged back in, and changed my password. PLEASE tell me WP has a security setting or something I can buy. One of my neighbors told me that the first log in screen is not secure.
The blog I need help with is: (visible only to logged in users)
-
I have been here for 5 1/2 years and the only time that a blog security has been compromised is when the blogger makes their log-in information accessible to others, or chooses a password that’s easily guessed. Changing your password was a good idea provided you actually chose one that’s not easy to guess.
PLEASE tell me WP has a security setting or something I can buy.
The weak link in all security issues is the blogger (see what I said above). There is no such upgrade you can purchase. Support Staff offer excellent advice here:
Security
HTTPS -
As I understand it, the login temporarily and instantaneously switches to https when transmitting your username and password, but if you wish you can run the entire dashboard from https by going to users > personal settings and under “Browser Connection” select “Always use HTTPS when visiting administration pages”.
You are going to get a good number of warnings popping up, especially if you use Internet Explorer as there are certain parts of some dashboard pages that are not in HTTPS. You will just have to deal with the warnings. HTTPS is also much slower since it has to jump through a bunch more hoops.
The important thing is to have a very strong password that contains both upper and lower case letters, numbers and special characters such as &%#)* etc.
-
“The weak link in all security issues is the blogger”
Um, what are you talking about? My passwords are rated “strong” on every site, I follow the recommendations and my boyfriend is a computer expert so we have excellent methods around here. What about bloggers on WP who tell me your security settings are weak? Several of my friends think their email accounts were hacked because WP did not protect them.
-
@Sacredpath Thank you for the info! Do you know if there is any way to get this particular hacker logged out short of starting my website from scratch? Maybe importing the site to another address?
-
@Sacredpath – done, and no warnings, it updated quite fast. WP has been good like that so far.
-
WordPress does not have passwords to your email accounts. If someone hacks an email account, they are not getting the password from wordpress.
WordPress.com is probably near the absolute top as far as security goes and virtually all instances of a site being “hacked” here have either been due to easy-to-guess passwords, or someone making someone else an admin on their site who either has a weak password which was guessed, or that admin goes in and does mischief themselves.
-
Change your password (probably done already)
Look under Dashboard >> Users and make sure that there are no users that you did not authorize and delete any trash.
Since WordPress.COM does not know anything much about any email other than the email address itself I can’t believe how WordPress.COM could contribute to any email hacking.
-
@emmiscafe
Are you the only official user and only Administrator on your blog or not?
user roles -
@timethief Yeah I just looked under All Users, I’m the only one listed!
Do you know if I can import my site, assuming that the person can stay logged in and now I cannot control what they write?
-
This was what the person in question said:
“Guess what? The default login pages for services like Twitter and WordPress are NOT encrypted with HTTPS. What can be done about this? Don’t enter your login information on the default page. Click the login button but leave the username and password fields blank. This will then take you to a page that is secured with HTTPS”.
So that was the issue *they* brought up. My password was considered strong. I did change it to an even more jacked up one that hopefully will work. Just pointing out, emmiscafe is right there as my user name and all they needed was to guess my password. Not sure how they did it, I was using that one for one single other blog since 2006 and never had anything like this happen.
-
Please don’t panic and move any content as yet. I flagged this thread for Staff attention when I posted above the first time. I think you ought to go to Staff because they can tell exactly when the blog was accessed and by which IP. Here’s the link http://en.support.wordpress.com/contact/ After you use the searchbox, under the search results, at the bottom of the page there will be a section that says “Have you found the answer to your question?” You can choose either “Yes I found the answer to my question.” or “No I didn’t find the answer to my question and I would like to contact support for help.” The no option will reveal the contact form.
-
If the password has been changed since the other person logged in, when they try to access a page, they will again get the login since the cookie wordpress put on their computer would differ from the new one, so you should have no worries in that respect.
If you are on wireless in your house, make sure your wireless is secured and not open to anyone.
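
The cookie invalidation described in the reply above, as an added example that is not part of the original thread and is not WordPress.com's code: a simplified model which assumes the login cookie is signed with a key derived from the stored password hash, so a password change makes every older cookie fail validation. The secret, salt, username and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-server-secret"  # hypothetical site-wide signing key

def stored_hash_for(password):
    # Stand-in for the stored password hash (a real site uses a slow, salted KDF).
    return hashlib.sha256(b"constructed-salt" + password.encode()).hexdigest()

def _signature(username, stored_hash, expires):
    # The per-cookie key depends on the stored password hash (assumed design).
    material = f"{username}|{stored_hash}|{expires}".encode()
    key = hmac.new(SERVER_SECRET, material, hashlib.sha256).digest()
    return hmac.new(key, f"{username}|{expires}".encode(), hashlib.sha256).hexdigest()

def issue_cookie(username, stored_hash, now=None, lifetime=3600):
    expires = int((time.time() if now is None else now) + lifetime)
    return f"{username}|{expires}|{_signature(username, stored_hash, expires)}"

def validate_cookie(cookie, lookup_hash, now=None):
    """Return the username if the cookie is authentic and unexpired, else None."""
    try:
        username, expires_s, sig = cookie.split("|")
        expires = int(expires_s)
    except ValueError:
        return None  # malformed cookie
    now = time.time() if now is None else now
    stored_hash = lookup_hash(username)
    if stored_hash is None or expires < now:
        return None  # unknown user or expired session
    expected = _signature(username, stored_hash, expires)
    # Constant-time comparison of the presented and recomputed signatures.
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return username if ok else None

def demo():
    users = {"blogger": stored_hash_for("old password")}  # constructed account
    cookie = issue_cookie("blogger", users["blogger"], now=1000)
    before = validate_cookie(cookie, users.get, now=1001)
    # The owner changes the password; the old cookie is still in the other browser.
    users["blogger"] = stored_hash_for("new, much longer passphrase")
    after = validate_cookie(cookie, users.get, now=1001)
    return before, after

if __name__ == "__main__":
    print(demo())
```

In this model the server never has to track or revoke individual sessions: the old cookie simply stops verifying once the stored hash changes.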
-
Just an FYI, I get the feeling it was this nutjob right here. I say that because there is one news site I subscribe to and have left a handful of comments, “she” recently replied to every one of them with, “Yes I agree Emmy” and it was the only website I linked to my blog.
-
@Timethief thank you and actually yes I contacted them first, but I *was* panicked so I posted here, LOL! Any more info I can get is great, I will check in again tonight. I really appreciate the info.
-
@Sacredpath Whew, that’s good! Thanks for the info, I have not seen anything suspicious since I logged out. I think I need to limit my comments (linked with my WP blog) to private individuals only and never link it to a news site, too many weirdos out there.
-
@emmiscafe
Hi again,
As you went to Staff previous to posting here I will remove the flagging. :) -
Also set comments on your blog to required to be approved by moderator then you will have no surprises by nuts or trolls.
-
Hi, my account has been hacked a lot of times. The headers have all been changed on my blogs along with a lot of text. The one on my blog about Children of Divorce is sort of funny. It was the picture of grass growing, it’s called “Benevolence” by Theron Parlin. Someone changed the grass to look trampled. It’s sort of funny but also pretty scary.
There is absolutely no security on this site. Thanks for the tips, though. I will try them.
-
@Timethief Oh, thank you. Sorry, I should have opened with that info, that I had contacted Support.
- The topic ‘My account was hacked and they're editing my site.’ is closed to new replies.