Password Reset Emails sent, but were NOT initiated by us

  • Has anyone had any experience receiving password reset emails that were NOT initiated by someone on their team? Over the past few weeks, multiple team members (4+) at our company have been receiving password reset emails from WordPress, asking them to reset their password, but they never requested this be done.

    The emails we are receiving are from ‘(email visible only to moderators and staff)’ so I’m thinking they are not real, or are another company pretending to be WordPress. I tried to contact someone from Support directly, but was unable to.

    Can anyone else provide information about whether or not this has happened to them?

    And were the emails actually from WordPress? If so, why are they being sent when we are not requesting them?

  • Hello @amandamartineau,

    I’m so sorry to hear this. I am tagging WP support; you will find the tag “modlook”, so they can check on this.

    Regards,
    Rose

  • Hi there @amandamartineau, please also let us know the URL of the site involved so that we can point you in the right direction. Thanks.

  • Hi there,

    Those emails are not from us. All emails from WordPress.com will come from a @wordpress.com email address. These emails are coming from a @mybiznetsite.com address. The “wordpress” before the @ symbol is irrelevant.

    You also don’t own any sites with us. What is the URL of the site involved?

    If it is a self-hosted WordPress site we have no control whatsoever over your login credentials for the site, but any admin on the site has the ability to reset passwords for other users on the site.

    Alternatively it could be someone spoofing your email to try and get you to reveal your login creds so they can access the site. If that’s the case you’ll need to get in touch with your email provider for advice on how to prevent this type of spoofing.
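The check the staff reply describes, that the domain after the @ is what matters and the word “wordpress” before it proves nothing, is easy to automate for a team that is receiving dozens of these messages. The following is an added example, not code from the thread or from WordPress: it parses the From header of each message, extracts the sender domain, and flags any address whose domain is not one of the senders you actually expect (here assumed to be wordpress.com for the hosted service and your own site’s domain). The sample headers are constructed for illustration; mybiznetsite.com, longrun.com and plus.org.au are the domains named in this thread, and rightlabs.com stands in for the self-hosted site.

```python
from email.utils import parseaddr

# Constructed sample From headers. The addresses are illustrative; the
# domains mybiznetsite.com, longrun.com and plus.org.au are the ones named
# in the thread as sources of the unsolicited reset emails.
SAMPLE_FROM_HEADERS = [
    "WordPress <donotreply@wordpress.com>",
    "WordPress <wordpress@mybiznetsite.com>",
    "WordPress <wordpress@longrun.com>",
    "WordPress Support <noreply@plus.org.au>",
    "RightLabs <wordpress@rightlabs.com>",
]

# Domains a password reset for this team could legitimately come from:
# the hosted service itself and the team's own self-hosted site (assumed).
EXPECTED_SENDER_DOMAINS = {"wordpress.com", "rightlabs.com"}


def sender_domain(from_header):
    """Return the lower-cased domain of the real address in a From header,
    ignoring the display name, or None if there is no usable address."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower()


def is_expected_domain(domain, expected_domains):
    """True if the domain is an expected sender or a subdomain of one."""
    return any(
        domain == expected or domain.endswith("." + expected)
        for expected in expected_domains
    )


def classify(from_header, expected_domains=EXPECTED_SENDER_DOMAINS):
    """Classify one From header.

    'expected-sender'   : domain matches a sender we trust for resets
    'unexpected-sender' : display name or local part may say "WordPress",
                          but the domain is not one we expect (treat as phishing)
    'malformed'         : no parsable address at all
    """
    domain = sender_domain(from_header)
    if domain is None:
        return "malformed"
    if is_expected_domain(domain, expected_domains):
        return "expected-sender"
    return "unexpected-sender"


def triage(headers, expected_domains=EXPECTED_SENDER_DOMAINS):
    """Return a mapping of header -> classification for a batch of messages."""
    return {header: classify(header, expected_domains) for header in headers}


def suspicious_domains(headers, expected_domains=EXPECTED_SENDER_DOMAINS):
    """Sorted list of distinct unexpected sender domains, useful for a
    mail-filter rule or for reporting to the email provider."""
    found = set()
    for header in headers:
        if classify(header, expected_domains) == "unexpected-sender":
            found.add(sender_domain(header))
    return sorted(found)


if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_FROM_HEADERS).items():
        print(f"{verdict:18} {header}")
    print("unexpected domains:", suspicious_domains(SAMPLE_FROM_HEADERS))
```

The classification only looks at the header as received; a sender can forge the From header outright, so on a mail server the same check belongs alongside SPF and DMARC results rather than replacing them. It is still enough to catch the pattern in this thread, where the forged messages use an unrelated domain and rely on the word “wordpress” in the display name or local part.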

  • I was having a lot of trouble finding Support for this issue, and don’t know that I’ve created this post in the right place… (to be honest, finding Support for any part of this system is quite a chore). I think I ended up creating a new account in error just to find the right place to post something asking for help…

    Our company hosts our own site and I believe it’s a WordPress.org site, so I don’t know if you’ll be able to assist (just realizing now there is a difference between the .com sites and .org sites). The website is http://www.rightlabs.com. Almost every user with access to the RightLabs WordPress site is receiving multiple password reset requests daily, all from different domains (some are from “@mybiznetsite.com”, some are from “@longrun.com” and some are from “@plus.org.au”, for example).

    I found several other forums here with people having similar issues, some who experienced it as far back as this past May. It is surprising to me that a better solution has not been applied previously for this issue… we are quite concerned with this.

  • Hello again, thanks for that information and sorry it’s been so difficult for you to find the right place to find support.

    rightlabs.com is hosted at Amazon Web Services and is using the standalone WP software. You’ll want to post for assistance in the support forums at https://wordpress.org/support because they have the experience and knowledge of the WP software you are using. If you don’t have a username on the ORG forums you can register one on that page.

    As @kokkieh pointed out, we have no control here over ORG sites.

    More information about using the standalone WP software can be found in the WP Codex at https://codex.wordpress.org/Main_Page.

    Best wishes for a quick solution.

  • As those emails aren’t coming from the domain on which your site is, I’m almost certain that it’s a phishing attempt to get one of the users on your site to reveal their login credentials. As long as no one clicks on any links in those emails you should be fine, though you might want to look at how these phishers managed to get hold of all your email addresses.

    I’d also recommend installing a 2-factor-authentication plugin on your site so that, should someone unwittingly reveal their login details, there’s another step preventing login to the site.

    For more help with this, please post in the self-hosted forums as @justjennifer indicated above, as the users there should have more experience with this type of attack and how to protect your site against it.
