I got an email on the weekend saying a user's (EBurden) password had been changed on a site I manage. EBurden is me. And I didn’t change the password. I logged in as administrator (a different user name) and saw that the email for the EBurden account was a Gmail one I did not recognize.
Also I got an email from Wordfence saying a user with the suspect email above had tried to recover the user password. IP address in Morocco.
I deleted the EBurden user account and I have blocked the Morocco IP address. I have run scans on both “Isithacked.com” and “virustotal.com” and have found no issues.
I guess my question is how did they recover the password? They could not have guessed it, the Wordfence brute force defence would have stopped them. It is actually only used on two sites, there and as it happens here on WordPress.org so it has never been hacked... to my knowledge (guess I better change it here now…)