WordPress security failure?
-
Someone subscribed me to follow their blog WITHOUT MY PERMISSION and set me up to receive emails when they post. This is a big security concern and I feel violated. The individual has admitted adding me. Why would WordPress make this possible? I have never shared my password with anyone nor have i granted anyone any access privileges to my account or blog. I am outraged and feel violated and stalked.
WP.com: Yes
Jetpack: No
Correct account: YesThe blog I need help with is: (visible only to moderators and staff)
-
You could start by asking yourself: how did that person get my email address? That’s were the security flaw starts.
On the wordpress.com platform someone can add you to his mailing list, but without your consent this stays dead.
-
Thanks…An individual can add your email to their list but you must approve that in order to be subscribed as a follower.
Anybody can get your email address if you have ever previously followed them or commented on their blog – email notifications for comments have included the commenter’s email addy and even IP address.
I manually unfollowed their blog in October 2022 after having followed for a few years. They added me back as a follower in the last days of March 2023. I saw their blog pop up in my reader unannounced and was surprised.
The individual then emailed me on March 30, 2023, and let me know that they “…recently discovered that they can add subscribers from their end.”
HOW CAN A BLOG OWNER ADD SUBSCRIBERS FROM THEIR END AND SET UP EMAIL NOTIFICATIONS WITHOUT MY PERMISSION OR APPROVAL?
Their blog is innocuous and my relationship with the blogger is not fraught or hostile at all. However I unfollowed for a reason and have a right to not be forced to follow any blogs without my prior approval. I have a right to not receive WP push notifications at 4:30am in my time zone. Thanks for any insight you can share.
-
You can and must manage push notifications yourself on your smartphone.
And is I already said in a previous answer: “On the wordpress.com platform someone can add you to his mailing list, but without your consent this stays dead.”
-
I appreciate your feedback and yes, that’s correct that someone can add you to their mailing list and without your approval it is SUPPOSED to “stay dead” and that I can manage my push notifications.
HOWEVER in this case, the individual added me as a follower to both their blog in my reader without any approval action on my part AND they enabled email notifications that send me an email whenever they post, again without any approval action on my part whatsoever.
In other words, it did not “stay dead” which would be the usual expected outcome. I do not do email notifications for blog posts (except for maybe half a dozen blogs maximum and this one was never one of them).
This situation is not a case of any user error on my part. The woman admitted in writing that they added me to follow their blog. My question is how can Person A add Person B as a follower without any approval action whatsoever on the part of person B? Thanks in advance for helping to unravel this mystery
- The topic ‘WordPress security failure?’ is closed to new replies.
WordPress.com Forums 