Security Threat?
-
Hello,
I received a notification that somebody had signed into my account via an email link. I have since changed my password but was wondering if I should do anything else?
Thanks very much in advance!
-TalissaThe blog I need help with is: (visible only to logged in users)
-
Hi there, if you believe that somebody has compromised your account, changing your password is the best thing to do, but I’d also suggest adding 2 Step Verification: https://en.support.wordpress.com/security/two-step-authentication/
Also ensure that nobody knows your Post by Email address: https://en.support.wordpress.com/post-by-email/
This will help keep your account very secure. However, in terms of this incident, I’ve tagged staff as they’ll be able to check if there was any suspicious activity on your account.
Hope this helps!
-
Hi @talissamehringer, which site did the notification reference? I see you have some sites hosted here and then some that are self-hosted.
-
Hey @torres126, thanks very much, I’ll definitely do that!
and hello @thsacredpath – the site where I received the notification is self hosted: http://www.talissamehringer.com
Thanks for your help! -
In that case, please make sure you also change the admin password for that site itself, and consider installing a 2FA plugin on the site. I’d also recommend you change the password on your email account, in case this was done by someone who first gained access to your email, and enable 2FA there as well, and also on your WordPress.com account.
In your site’s WP-Admin dashboard, go to Users ->All Users, and remove any users you see there that you did not add or do not recognise.
And also see these instructions in the official WordPress documentation on hardening your site’s security:
- The topic ‘Security Threat?’ is closed to new replies.
WordPress.com Forums 