A Hack Added A Lewd 'About' To My Blog
Hello all. I don’t know whether there’s a simple setting which will help me get rid of this unwanted ‘About’. I had a quick look, but I see nothing helpful. I don’t even know how widespread the infection is. I just now found it. Here’s a screen shot that I uploaded to (Google-loving) Box:
If anyone has some suggestions how I might deal with this, please let me know. Thanks.
The blog I need help with is arrby.wordpress.com.
That’s an author bio shown on every post on some themes, which is drawn from your account profile. You’ll find that some content in the About Me section of your My Profile page, here: https://wordpress.com/me, and also in your Gravatar profile page as well, here: https://en.gravatar.com/arrby.
You may edit the “About Me” section of the Profile page, which will in turn be reflected in the Gravatar profile page, and in the author bios displayed on posts. You may also switch to another theme that doesn’t display the author bios. I believe that most of them don’t.
If you didn’t create the “About Me” section of your profile, then I’d suggest that you add a “modlook” tag to the sidebar of this topic to call for staff atttention.
I created my own ‘about’ and it’s called “Who is Arrby?” It’s a ‘page’. The other ‘about’, I did not create and it seems designed to potentially have me flagged as adult. Obviously I didn’t create it. It just popped up today, after 9 years! I’ll look at the settings you point to. I’ll add the tag ‘modlook’ if I don’t find a solution. Thanks!
I looked at the https://wordpress.com/me page and saw the lewd entry I never entered. How did that happen? Anyway, I deleted it and the entire About at the bottom of my standalone posts disappeared, although I should double check before I declare success. I was gone from one post. I don’t see why they wouldn’t be gone from all of them, since the setting affects all of my posts.
You’re welcome. : )
Don’t hesitate to add the “modlook” tag to the sidebar at right here call for staff attention if you would like to report this to staff or to discuss the issue with a staff member. I’m sure they could arrange to discuss the matter privately, e.g. by email, if you’d prefer. You may also use the Contact Us page.
The only way someone would be able to change that information is if they had access to your username account, as that info is pulled in from your public profile description on https://wordpress.com/me/ and Gravatar.com
Please update your WordPress.com and email account passwords immediately, and consider enabling two-step authentication for both of them if you suspect there has been unauthorised access to your account.
Thanks. I just tried changing my password. I was unable to. I was told I recently used it. There is no way I EVER used [redacted-just in case]. Not a chance. I’ll try something else, but What was that?
Same problem. I’m thinking up passwords I know I’ve never used before. I get a checkmark and then when I click to set it I’m told I’ve recently used it. I tried it three times. Please fix your password system. Why should there be one if it’s broken?
This is not a response to your password reset issue @arrby. I’ll leave that to staff to respond to. I just want to correct a misspelling in my first post here. When I said “You’ll find that some content…” I mean “that same content.”
Thanks musicdoc1. You wouldn’t believe the trouble WP has caused for me. I thought I’d say thanks to you when I received this email a few hours ago. Suddenly, not only could I not change my password, but I couldn’t use my own! Anyway, I tried the password reset again, but this time using WP’s password generator. That worked. I’ve now got a password I DO NOT WANT!!!!
I HATE WordPress!
You’re welcome. :)
Sorry about the problems. I think @kokkieh or another staff member will respond soon regarding the password reset issues.
Have you read the support doc on Selecting a Strong Password https://en.support.wordpress.com/selecting-a-strong-password/?
Years ago people used their pets names. birth dates, etc. and were hacked. Traditional Passwords Are No Longer Safe. These days we use very strong passwords to protect our accounts and our sites from hackers.
Your account logs show several successful password changes just before you posted here to report the problem with changing it. So the password changes saved on our end.
Can you try clearing your browser cache and cookies and then try changing the password? What might be happening is that due to a browser glitch the password is submitting twice, meaning it saves, but then gives an error when the system thinks you’re submitting the same password a second time.
What exactly is wrong with the password our system generated? Our password generator creates long and random passwords that make it very unlikely for someone to gain access to your account. Looking at the example password you gave above it appears you already use random passwords yourself, so I’m not sure why you don’t want to use it.
/Just adding that I redacted the password previously posted above. Can’t be too careful when posting in a public forum. :)
Does the password work? Yes. Do I hate it? Yes, and that’s my business.
I thank everyone for their help. Later, I will attempt to change this password to something I can remember. I can’t deal with it right now. I will be sure to empty my cache before I do. If that doesn’t work, I’ll use WP’s generator again. It won’t be worse than what I’ve got. I need a balance between functionality and security. If the solution is weighted entirely on the side of security, then I’ll be impaired. I could never remember the WP-generated password. Maybe if I used it everyday, I suppose I’d eventually remember it. But there’s the time factor too. The assorted characters look to me like they demand a lot of time to enter.
Regardless, Consider this case closed. The crank has left the building!
A password manager will take care of both remembering and entering the password for you. And if you add passwords for all your accounts to the password manager you only need to remember the password for the password manager itself.
We have links to several password managers on the page @timethief linked to above – there are some very good free options available.
The topic ‘A Hack Added A Lewd 'About' To My Blog’ is closed to new replies.