WordPress app on my stolen phone
-
My phone was stolen today and on it I had the wordpress app logged into my blog. I changed the password on my laptop just now, does this mean the wordpress app on my stolen phone automatically logs out? Will the thief be asked to re-enter the new password or can he/she still access my blog somehow?
The blog I need help with is: (visible only to logged in users)
-
Consult the support docs please > http://en.support.wordpress.com/security/two-step-authentication/#if-you-lose-your-device
-
This does not apply to me. I don’t use the 2-step authentication. I need to know whether changing my password on my laptop for my wordpress account is sufficient for the thief of my phone not to be able to access the wordpress application on my stolen phone.
Please reply to my specific case, I am really worried!
-
Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs.
Then read this please and act on what you find there > http://en.support.wordpress.com/security/
1. If you can log-in go here > Users > All Users and delete any user that does not belong there.
2. Disable post by email > http://en.support.wordpress.com/post-by-email/
3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/
4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.
I tagged this thread for a Staff follow-up. Please subscribe to it so you are notified when they respond.
-
I just tested this with my Android app – changed my password – left the old password on the Android App –
The bad news is that my Android App stayed logged in for checking stats & the reader
Will test things with a new post in a few minutes
-
When I went to the Posts section of the program it generated a sign-in error – I don’t know if the check of the credentials was on some sort of time basis or if that I went to the Posts section where I could add / change things generated the credentials check
-
Thanks so much for the help!!! Much appreciated..
So you can’t add or change posts after the password change, but you could see stats? Could you do anything else damaging (deleting account or changing settings) after the password change?
-
With the old password all I tried was the Stats & Reader – I did not try to delete or edit anything – but when I went to make a new Post it did check –
Sorry no more info than that at this time -
You did not say which version you have – but wander over to WordPress.ORG – they support the mobile devices – there is a FAQ and help forum – ask over there – if you don’t have an account at .ORG you will need to signup – but the accounts & user names are not linked to WordPress.COM so you can use the same name if it is not used at .ORG & you can also use the same email as here
-
I checked this, but could not find any relevant forum posts…
All I want is to revoke access, block the app on my stolen phone somehow.
So main question remains: WordPress does not ask to re-enter login details on the mobile phone app if you have reset your password on a laptop?
-
It looks like for passive actions no checking but some checking for the ability to modify a blog – but – that is my best estimate, the developers at .ORG are sharp people, so I can’t imagine a damage your blog hole would be left in the App
I also could not find an answer at .ORG so I posted a new thread asking for help – I referenced this thread – the thread I opened is below
http://android.forums.wordpress.org/topic/lost-stolen-phone-while-logged-in?replies=1#post-20293
-
You be welcome
With over 1.000,000 Android Apps downloaded (add the Apple & Blackberry and there are a lot of Apps) I doubt you are the first one to have a phone stolen while logged into the app,
You can subscribe to the thread I posted if you have an account there
-
You should also be able to remove the Android app connect from this security page in your account settings. Clicking the gear icon next to the app allows you to remove it.
-
Thanks Andrew – the answer below is what I received from the Android Support Forum – one issue with the link they give is the instructions need a bit of fine tune. The link below references the “Dashboard” but the Dashboard needs to be the one you reference ( https://wordpress.com/settings/security/ ) in your link which is the main WordPress.COM dashboard and not the blog Dashboard –
It would be great if someone could fine tune the documentation here
thanks
What happens if a phone is lost and the Android App is still logged in?
To ensure that your account remain safe, change your password, and revoke the access to ‘WordPress for Android’ in applications list under the security tab.
Details here: http://en.support.wordpress.com/third-party-applications/#how-do-i-revoke-access-ive-granted-to-an-application
After that you can re-add your account to the app by using the new credentials.
So is the blog safe from damage / deletes / new Posts etc.??
If you already have changed your password, the blog is safe, since the old password cannot be used to change the content of your blog/account.
-
Thank you both so very much!
I clicked on ” remove access to the iOS application ” so all should be good now right? When I get a new phone I can set up the application again?
Again, thanks a lot for your great help.
-
Yes – Remove access means no mobile App can get to your blog at all, good password or not
yes when you have a new phone, enable the access again and you can go through the set up the App on the new phone
- The topic ‘WordPress app on my stolen phone’ is closed to new replies.
WordPress.com Forums 