Need help? Check out our Support site, then


someone is changing my password

  1. langtantilldig
    Member

    my blog was hacked a few days ago. I changed my password and everything was fine. Today i couldnt log in, my pasword was changed again. I had to reser the password one more time. Thank god my e mail was correct.
    What should i do? i want to get in contact with someone fron wordpress support. This is a very important blog for me, very personal. I would be devistated if enyone went in and destroed it.
    Blog url: http://langtantilldig.wordpress.com/

  2. Immediately, if you haven't already, change the password on the email account associated with your wordpress site and make it a strong one. If you can remember it, it isn't strong enough. Also make sure that the password on your account here is a strong one.

    http://en.support.wordpress.com/passwords/#choosing-and-using-good-passwords

  3. Go here > Users > All Users and delete any user that does not belong there.
    Disable post by email > http://en.support.wordpress.com/post-by-email/
    Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
    Go to your email program and change the password to a very difficult one

  4. Thanks for letting us know about this. We also noticed spam posts appearing on some blogs. We have reset the passwords of all affected users and have sent them an email to let them know. If there was any spam posted and not removed before we got there, we also went ahead and cleaned that up.

    It is very likely that you were using the same password on WordPress.com that you used elsewhere. Recently, a few large services -- LinkedIn, Yahoo, eHarmony, and Last.fm to name a few -- have suffered well-publicized security breaches that have exposed email addresses and passwords. Although the passwords are usually stored securely, simple passwords can be decrypted or "cracked" in a matter of hours using modern technology.

    Hackers gather the lists of email addresses and passwords from these services and then try to use them to access accounts on other popular services, like WordPress.com. If you used the same password multiple places, then your account can be compromised. That is what happened here. We do have measures in place to protect password guessing or "brute force" attacks but in this case, since the password is known beforehand, there is no need for a hacker to guess.

    You should have a strong, unique password for every account you have on the internet. We have some more information on selecting a strong password in our Support section, please read through it:

    http://en.support.wordpress.com/selecting-a-strong-password/

    If you have any additional questions about the security of your account, please contact us using the form on this page:

    http://automattic.com/security/

    We take security seriously, and are happy to answer any questions you have.

Topic Closed

This topic has been closed to new replies.

About this Topic