unsolicited password reset requests

• 

  katherinekoba · Member · Feb 25, 2024 at 5:02 pm

  • Copy link
  • Add topic to favorites

  Another party (not me) has made several attempts to reset my WordPress password. I understand that the *attempt* in itself is harmless and does nothing, but this has happened four times now from IP addresses all originating from the same city in China. I don’t think my website URL or username is one that a Chinese user would accidentally confuse with their own, especially not four times in quick succession. While I will be reviewing the security measures on my email and WordPress accounts, is there a way to at least flag my account with a note for WordPress admin about these repeated attempts? Can they be blocked from specific regions?

  WP.com: Yes
  Jetpack: No
  Correct account: Yes

  The blog I need help with is: (visible only to moderators and staff)

• 

  staartmees · Member · Feb 25, 2024 at 5:50 pm

  • Copy link

  as long you have a strong password together with 2FA, there is nothing to worry about.

  As these people spoof their ip address, blocking ip addresses won’t do a thing.

• 

  milesmacpherson · Member · Mar 28, 2024 at 7:53 pm

  • Copy link

  The same thing happened to me. I also noticed that I should have been emailed a WordPress receipt that never arrived on the same day the password resets started. My thinking is that the WordPress receipt was sent to a bad actor. On the receipt is enough information to attempt a password reset.