Support » Fixing WordPress » Someone is registering my email at hundreds of WordPress sites – Spam Email

  • [ Moved to the Fixing WordPress sub-forum. ]


    This morning, I checked my spam folder and found that someone is taking my personal email and attempting to register accounts with it at other WordPress sites. This wouldn’t be a huge deal, except that I have been getting multiple registrations a minute and have already received over 3,000 emails saying “Your username and password” or something similar in the title.

    If this were hundreds of robots trying to register on my site, the fix would be to increase security measures to limit registrations. But this is my email registering to other sites.

    Does anybody know about this spam bot, where it may have gotten my email address, how I might combat this, or at least how long I should expect to wait until it dies down?

    I have already removed all instances of my email address on my own site, but I’m not sure if there is much else I can do.

    Thank you.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Steve Stern (sterndata)


    Forum Moderator & Support Team Rep

    It sounds like you may have an enemy out there. There’s really not much you can do that’s WordPress related. The solution, if there is one, is to keep tweaking your mail filters.

    Thread Starter megbaatz92


    Yeah, that’s what I figured. Thanks, Steve. @sterndata

    @megbaatz92, this same thing is happening to me today, to the point where I’m no longer receiving my own email because of all the spam. There was a fraudulent charge on my credit card (which I cancelled) and I imagine that was related, but multiple emails are still coming every minute. Did this spam ever stop in your case? I’m not sure if I should wait it out or start contacting people I’m expecting to hear from in the next few days with a new email address. Thanks!

    Thread Starter megbaatz92


    Hi @pmsab55 – I actually was posting this topic on behalf of my coworker. I checked back in, and he had this to say:

    “After the weekend, it has slowed down. Total received was about 70,000. I started deleting in the manner where Google opts to delete and unsubscribe – for the ones that it had initiated a subscription. This was automatic. That’s when it really trailed off. All day today, probably 50, whereas I was getting over 2,000 per hour there for a bit. Whew…”

    That is a LOT of emails. But it DID slow down, maybe with time or maybe with Gmail’s anti-spam algorithms adjusting. Maybe that offers some hope for you. My coworker didn’t have a problem with emails not being received at all… You may want to contact the people you’re waiting to hear from just to let them know your situation. If you have time, maybe have a friend try sending you some emails and see how reliable they are getting through.

    Who do you have your email address through (,, your business website, etc.)? This may be out of my wheelhouse, but I’m a web designer and I’d like to help you where I can. This sounds like a really scary situation. I’m sorry you’re having to deal with this!

    Thank you so much for your reply, @megbaatz92! I’m glad to hear that your coworker’s situation is getting better.

    This address is through Gmail, and from my research so far, it seems that the massive amount of spam is intended to be a diversion from the fact that my credit card was used fraudulently today. I’ve “only” received about 3,000 emails so far – most are the WordPress “Your username and password” emails you mentioned above, but I’m also receiving mailing list registrations from other sites, some as common as LandsEnd but many more obscure. I have noticed that there’s a multi-hour delay between the time on the email and when I actually receive it, so I’m not sure if the volume is backing up the server somehow as I haven’t been able to receive any emails I’ve sent to that address from a different account.

    I suppose I’ll have to give it a few days and see if it slows down. Thanks again!

    Thread Starter megbaatz92


    @pmsab55 – Yeah, hopefully it is just a temporary attack. It’s good you have Gmail – they should have measures in place to kill whatever bot keeps registering you. But that also makes me question whether it could be a full server issue, though. It would seem more likely if, for example, you had a business email on shared hosting.

    If you’re sending tests from an email address that’s linked to your Gmail account (ex: forwarding, alias, etc.), Gmail may “cancel out” the email since it sees it’s coming from you. For good measure, maybe ask a friend to send to you. If not, disregard. 🙂

    If you think of it, send me/anyone reading this forum an update and let us know what you find!

    I will definitely give an update if/when the situation is resolved! (Fingers crossed!)

    I created this wordpress account just to say that this is happening to my mom’s gmail address right now. It’s incredibly annoying and I can’t see any financial reason why someone would do this. It seems malicious, but I have no idea why someone would target my mom.

    To update my situation, the new mailing list registrations stopped after about 3 days (about 12,000 total), and I seem to be receiving all of my regular email again. I am now receiving the mailing list newsletters from all of the lists I was subscribed to, but most go straight to my spam folder, so while annoying, it is not a huge problem. I’m trying to unsubscribe from these whenever I have a few minutes to spare.

    @afalcone, I would definitely recommend for your mom to check all of her financial accounts, credit cards, Paypal, Amazon, anywhere where she might have card info stored. I’m 99.9% sure that my email issue stemmed from the fraud on my credit card, as the spam blast stopped me from receiving the “purchase confirmation” email from the Apple store (where the fraudulent charge was made).

    Thread Starter megbaatz92


    This may or may not be related, but on the day I posted this (March 23), my company also saw the largest drop in traffic we’ve seen in years.

    For the prior year, traffic had been no LESS than 14 sessions/day (that was the all-time low). Since March 23, my site has seen no LESS than 12 sessions/day. The traffic sources are proportional to what they were before (ex: about 50% direct, 30% Google search, etc.), just with about 10% as much traffic as before.

    I added Cloudflare to my website in early March. Since then, I’ve also seen occasional server errors (503, 521, and 523) originating at my webhost.

    The affected email was a Gmail account – just thought it was strange my site was also affected that day. I’m logging this in case anyone reading has any “related symptoms.” It may just be my webhost, which I’m not impressed with for many reasons.

    @pmsab55 Thanks for that. She found a $1,200 charge one one of her credit cards. I guess this is a new scam. I’m warning people on social media.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Someone is registering my email at hundreds of WordPress sites – Spam Email’ is closed to new replies.