Forum Replies Created

Viewing 9 replies - 1 through 9 (of 9 total)
  • I am using WPengine’s built-in cloning system, copying the entire site from production -> staging environment, for example.
    (I am copying the filesystem and database when I do this)

    Then, when I first visit the destination site, I get that error.

    I have to log in in recovery mode, deactivate, then reactivate the plugin to get the site running again.

    Not an enormous problem now that I understand it, but it impedes our workflow a bit.

    I believe the same thing happens when we pull down a fresh copy of the site into local environment, but haven’t done that for a while, so can’t say for sure.

    Based on my understanding, you should be fine. It should be a valid password reset link in these emails.

    You only get in trouble if you happen to reply to the email, thereby delivering the password reset link to the hackers themselves.

    @rsm-support ‘UseCanonicalName’ config crashed the site, the WP-SpamShield broke some of the Angular-powered AJAX forms (even with the general form protection disabled).
    From everything I read about the plugin, it seems like a good one and my issue should not reflect badly upon it. We just are working with a monstrous Frankenstein-like abomination of a site that we inherited from another developer. My guess is the plugin would work great on any site that vaguely resembled a traditional WordPress site.

    Ah, I didn’t catch that autoresponders do not generally include the original email. Sounds like they are also looking for bounced messages too. Those would be much more rare, and I guess that is why the WP team isn’t as concerned with patching this quickly.

    For the record, I ended up going with a PHP script in functions.php to hardcode the reply-to email:

    add_filter( 'wp_mail_from', function( $from_email ) { return ''; } );

    The ‘UseCanonicalName fix’ and ‘WP-SpamShield Plugin fix’ crashed this particular site, which has a huge amount of preexisting custom code and unique server configurations. I don’t think the PHP technique will stop the emails, but it should render them harmless.

    Client is now getting the fraudulent password resets from ‘’

    Has anybody figured out what would actually happen if one were to click on a link? The links seem totally correct, same structure as legit password recovery links. Seems like the spammers could only do something nefarious from them if your site were actually hacked already.

    I suppose this could just be a trial phishing run, maybe they will swap out malware links later.

    I have a client who is also receiving (unsolicited) password reset emails from that address. (I am looking into the headers to try to figure out if it originated from our server or not.)

    If this were a phishing attack, wouldn’t the reset links go somewhere else? My concern is the password reset links look correct. So if this is spam/phishing, what is the purpose? If not, how did that email address get in there? And why are these emails being triggered?

    This caused me a bit of head-scratching until I too discovered those extra spaces.

    It has to be a bug.

    (Very useful plugin though.)

    You need to use POP3-SSL protocol. If you are not seeing that in the protocol dropdown, you need to talk to your hosting provider.

    Confusingly, Postie uses the php-imap extension for connecting to imap, imap-ssl, AND pop3-ssl. Hosting provider will need to install the php-imap extension.
