site security

  • This week I received a WordPress email saying “someone recently requested that the password be reset for (my account username). If this was a mistake, just ignore this email.”

    I Did Not try to reset my password, so I don’t feel comfortable just ignoring such a notice from WordPress. With no way of getting more info from Support — unless I upgrade to Premium — how do I know that someone wasn’t trying to hack into my account?

    A public forum is not the best place for a security question, but it seems I have no choice but to put this question out to the community. Has anyone else received password reset emails based on bogus reset requests? And did you find out why that might have happened?

    Thanks.


  • Hi there,
    I just ignore such emails because I know that if you do not click the link there is no security threat at all. It could be the result of someone typing a wrong address. For more security tips please read > http://en.support.wordpress.com/security/

    Here are some guidelines:
    Did you use the same password for your email account and your blog? Then change both to two different strong passwords.

    Are you sharing log-in information with anyone or leaving it where anyone can locate it? Make sure your login information is secure by sharing it with no one else and keeping it in a place that’s not accessible to others.

    Are you remaining logged in on your computer so anyone can come along and access your blog through it? Never do that; log out every time you leave your computer.

  • @timethief: Thanks for the reply. To clarify: This was a legitimate WordPress email. The attempt to change my password was not legitimate. That’s why I’m concerned about this.

    About the security guidelines: I have long followed those kinds of guidelines, both at this site and on every Website where I have accounts/am registered, etc. I Never share log-in info and I Never remain logged in on my computer, etc., etc.

    I suspect that this was either a glitch or that someone simply used my username in an attempt to change my password. But fortunately, that was not enough to actually change my password.

  • Your user name or email address might be close to another person’s, and they might simply have fat-fingered the info and made a spelling error.

  • @auxclass: Yes, I suppose it could have been something as innocent as that. Just wish I had some feedback from WP Support on this. Maybe this kind of error, if that’s what it was, isn’t uncommon.

  • It’s neither common nor uncommon – happens from time to time – we see a few of these questions in the forum each month.

    As @TT noted above – make sure you have solid passwords for both your blog and email.

  • @auxclass: Good to know, though I still would like to know Why it happens. Re: passwords — as previously mentioned, I use solid passwords and take all the standard security precautions, so I don’t believe that was a factor in this case.

  • We’re getting a rash of these reports. My hunch is that it reflects attempts by hackers to get a “reset password” sent to your email address. That is why you need to change your email password whenever you get one of these. If several hours or days have passed before you noticed, change the email password and then change the blog password.

  • The topic ‘site security’ is closed to new replies.