You wrote me : „Someone logged into your account with an E-mail login link“ . Would you be so kind to explain what happened and whether this is of any harm for me or anybody else? Thank you!

  • Unknown's avatar
    criegern · Member ·

    I would appreciate your help!

  • Unknown's avatar
    justjennifer · Member ·

    Hi there, I’ve marked this thread for Staff assistance as they can see the full record of activity on your site and which username did what.

    If you suspect that someone else has access to your WPcom account, you should immediately change your WPcom account password and your email account password as well. Here’s how you can change your WPcom account password: https://wordpress.com/support/passwords/

    It’s important that you choose a strong password and that you do not use that password on more than one site. Each site you log in to should have its own unique password. https://wordpress.com/support/security/#strong-password

    Enabling 2-factor authentication on both your WordPressdotcom account and your email account can also help to keep them secure. Here’s more on that: https://wordpress.com/support/security/two-step-authentication/

    Here are more tips to keep your account/website secure: https://wordpress.com/support/security/

    Let us know if you have any other questions about this.

  • kokkieh · Staff ·

    Hi there,

    The last email login on your account was two weeks ago. Is that the notification you’re referring to?

    An email login notification means someone went to the WordPress.com login page, entered your email address, and then clicked on a unique link we sent to your email, to log into your account.

    If that was not you who logged in two weeks ago, it means someone else has access to your email account itself, as that’s the only possible way anyone can access your WordPress.com account via email login – an email login link is not like a password that can be guessed or stolen.

    So if you suspect this access was unauthorised, you’ll need to secure your email account first, first by updating your password there to something more secure, and then also enabling two-factor authentication. If your email account offers an option to log out all active sessions, also make sure you do that before you update your password.

    Next I’ll repeat @justjennifer’s suggestion to also enable two-factor authentication on your WordPress.com account. That way even if someone had access to your email account, they won’t be able to log into your WordPress.com account unless they had physical access to your phone as well.

  • The topic ‘You wrote me : „Someone logged into your account with an E-mail login link“ . Would you be so kind to explain what happened and whether this is of any harm for me or anybody else? Thank you!’ is closed to new replies.