Unauthorized Posting in my Account
-
I have changed my password 3 times in the last two weeks. The last one was 16 characters long. Yet, I continue to get unauthorized posts on my site. Here is the latest:
https://agileelements.wordpress.com/2016/03/01/emailing-mx62edo-01-03-2016-2/
Can you tell how they are getting access to make these postings.
The blog I need help with is: (visible only to logged in users)
-
Hello there,
re: hacked accounts and blogsIf anyone is posting anything to your blog or removing anything from it, or changing anything in it, or if your blog has been deleted and you did not delete it, then it’s most likely that you have provided them with the ability to do so, either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.
For you, the question that needs to be answered is: Who, aside from me, has access to my login information?
Go to your email program immediately and change the password to a very difficult one because that’s how many hackers gain access to blogs.
Read > http://en.support.wordpress.com/security/
Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
You can also reset your password via your Settings tab on the WordPress.com home page:
http://wordpress.com/#!/settings/Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.
Use two step authentication http://en.support.wordpress.com/security/two-step-authentication/
Run a security scan on your computer. See here to run a security scan http://geekflare.com/online-scan-website-security-vulnerabilities/
Never leave your computer logged into your blog and walk away from it. Always log out properly.
Also, be aware that Staff have records of who did what under which username and login information and when they did it. I flagged this thread with modlook for a Staff follow-up. Please subscribe to it so you are notified when they respond. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it. Note that there is a backlog and be patient while waiting.
-
Thank you for this canned response. It does not help in my situation – something else is going on.
My email password has never been the same as WordPress. Did you read that my current password is 15 char long? I changed it 1 week before the last unauthorized post. I changed it again today to 20 chars. I have one user, me, so no one else has shared their access.
Yet, in the last 3 weeks, 5 posts I did not make have shown up on my site. Please look closer at the issue.
-
Have you tried setting up 2-step authentication on your account:
You might also disable “post by email” if you aren’t using it:
-
Good Ideas. I will try them.
But, this does not explain how this post got through. This post was made by email, but I searched my email account and did not find anything with the unique string in it. So, it did not originate from the authorized account. I did get this alert from wordpress:
From: WordPress.com [mailto:(email visible only to moderators and staff)]
Sent: Tuesday, March 1, 2016 11:42
To: (email visible only to moderators and staff)
Subject: [Attachment Errors] Emailing: MX62EDO 01.03.2016Your post sent by email was published but some attachments were rejected for the following reasons:
– MX62EDO2016030154511095.zip – Invalid file type
-
Anyone who has your post by email address can use it to post to your site. There is no way for the system to know who is sending the email.
You can also regenerate a new post by email address using the same instructions I posted earlier.
- The topic ‘Unauthorized Posting in my Account’ is closed to new replies.
WordPress.com Forums 