WordPress.org

Ready to get started?Download WordPress

Forums

My multi-user page has had two accounts hacked by spam bots (2 posts)

  1. concertconfessions
    Member
    Posted 2 years ago #

    So this is really strange and I don't know what to think (hopefully this is the right forum). I run a site (concertconfessions.com) which features multiple users. While I accept the fact I get dozens of fake/spam accounts that sign up/deleted daily what I saw tonight has me rather alarmed.

    Two users (one a frequent user, one has only posted once in our three year history) had their accounts compromised within the last two hours. Each had a "spam" post that was listed as pending (keep in mind both users have access to publish pieces that show up on the site while new user accounts need approval to publish to the site). I trust the frequent user not to spam, and the one time user happens to be my wife who has been with me all day.

    I have of course gone ahead and changed the passwords to both accounts but this has me freaked out. Perhaps there is a major security glitch in 3.41? I have never seen anything like this in my 3.5 years of using WordPress.

    If this information helps, but accounts were associated to gmail. Has anyone else seen this problem tonight/ever?

    Thanks

  2. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    This is more often due to:

    A) Not using strong passwords.
    B) Using the same passwords on multiple online accounts associated with an email login.
    C) Improper security precautions related to storage of passwords.
    D) A computer that has or still is compromised with malware.

    Combination of above allows hackers to easily compromise all your online accounts.

Topic Closed

This topic has been closed to new replies.

About this Topic