How is it possible that WordPress can get past all of my brute force security plus my username and password security and update the version of WordPress from 3.8 to 3.8.1
I received an email stating that my site had been updated, and I specifically put in brute force security as well as password protected my site to prevent any changes without permission.
Frankly I am outraged, I allow none to do updates to my site without my prior authorization.
I am concerned that without my backing up my site prior to any update I may start having site issues and my business depends on solely on my site.
This is a copy of the email I received this morning and I have validated that the version in fact was updated.
From: firstname.lastname@example.org (which is an email address that does not exist on my domain)
Howdy! Your site at http://imagesinafricasafaris.com has been updated automatically to WordPress 3.8.1.
No further action is needed on your part. For more on version 3.8.1, see the About WordPress screen:
If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
The WordPress Team