WordPress.org

Support

Support » Miscellaneous » Reset Password – Hacker Hi-jacked?

Reset Password – Hacker Hi-jacked?

  • Hi all,

    Have searched for a similar thread but haven’t managed to find one, apologies if this already covered.

    I have caught our WordPress install sending out password resets to numerous email addresses we are not affiliated with (we only use one anyway).

    To begin with I could not login to the backend, which I have read up is a common issue, with the usual username and password. I then chose the password reset as this normally turns up lightening fast in my inbox. The email never came.

    The next day, I noticed in the Spam folder for the domain email a MailerDaemon from the Server/Wordpress stating “I’m afraid I wasn’t able to deliver your message to the following addresses.
    This is a permanent error; I’ve given up. Sorry it didn’t work out.” and list of all these undesirable email addresses.

    I know the reset wasn’t delivered to those addresses stated, which have clearly since been deleted by their hosts, but can’t be sure it hasn’t been sent any where else.

    I realise we’re on 2.8.4 and plan to update immediately but want to know what’s causing this. I have checked .htaccess, DNS server settings, all emails listed within WordPress, checked myPHPadmin tables as well as contacting our hosts who suggested posting here.

    I will update forthwith but want to be assured this bug won’t be assimilated into the lastest WordPress build.

    If anyone could shed some light on the occurance I would be very grateful.

    Kind regards,

    Jasper

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Reset Password – Hacker Hi-jacked?’ is closed to new replies.