HELP!!! My private blog is being accessed, and I didn't invite anyone to read.

    #1944058

    doraseee
    Member

    I recently changed the privacy settings on my blog to be PRIVATE after discovering that a long-time stalker/cyberstalker was aware of my blog. Since then, I regularly check my stats to ensure that no one (other than myself, since I’ve accidentally visited my blog a few times) has been reading it. However, I checked my stats today to discover that a different visitor has visited and read specific entries. Is there a way for support to figure out how my blog was accessed? I have tested the privacy settings I currently have, and when I go to my blog URL, it’s blocked (Blog is marked private by owner. If you have been invited, etc… log in.) BUT, I have NOT invited anyone to read the blog. By deduction, this person could have only accessed by logging into MY wordpress account and reading from their computer (which is not in the same country, so I know it’s not me on another device). In gmail and Facebook there’s a way to see how/where your account has been accessed recently. Can I do that on WordPress? If it’s not a feature, could someone who works for Support please please please help me find out? I’m literally really creeped out right now, and seriously considering using this as evidence for a restraining order or SOMETHING. I previously posted a question about getting help for personal account info, but no reply.

    Yes, I did just change my account password. But I still need (really really want) to know how that person accessed my account. To anyone who could help me out, thank you thank you thank you!!

    The blog I need help with is doraseee.wordpress.com.

    #1944153

    timethief
    Member

    When anyone clicks the link they cannot see the content. This is what they see:

    http://doraseee.wordpress.com/ is marked private by its owner. You can:

    Request access to view the site. We’ll send your username to the site owner for their approval.
    Log out and sign in as different user. You’re logged in as ‘timethief’.
    Learn about privacy settings.

    #1944154

    timethief
    Member

    > However, I checked my stats today to discover that a different visitor has visited and read specific entries. Is there a way for support to figure out how my blog was accessed?

    I’ll tag this thread for a Staff follow-up. Please subscribe to the thread so you are notified when they respond and please be patient while waiting.

    #1944155

    doraseee
    Member

    Yes I know. That’s what I want, and what I set it to. But someone HAS seen the content yesterday, according to my stats. What I want to know is if I can see who has accessed my ACCOUNT, blog. Even if it’s not a feature, there must be a record somewhere in the servers….

    #1944156

    doraseee
    Member

    Thanks for your help!

    #1944282

    raincoaster
    Member

    If we click to confirm your blog is private (and it is) it still counts as a hit. If someone is given a link to a specific post on your blog, they get the same message, and it counts as a hit on that blog post even though they cannot read it. I think one of your actual authorized users may be leaking the links to this stalker.

    It’s worth noting that when your blog is private, YOUR views are counted.

    #1944289

    doraseee
    Member

    Actually, when the blog is private, only when you enter to read is it counted as a hit. I’ve confirmed that multiple times. When timethief clicked the link yesterday, it did not count as a hit in my stats. And I know it wasn’t me, because the hit was from a different country.

    And I mentioned earlier, I have NO authorized readers, at all. There’s no legal way for this person to read except to hack into my own WordPress account and read. This isn’t something I’ve been dealing with for only a few days (try YEARS), so I’ve checked my facts and checked and re-checked WordPress settings/features/behavior to understand it and by process of elimination and deductive reasoning, there’s no other logical possibility other than the scenario described in my original post.

    > By deduction, this person could have only accessed by logging into MY wordpress account and reading from their computer (which is not in the same country, so I know it’s not me on another device).

    At this point, I’m quite positive that only staff (unless member users have access to that info) can help with this issue, to go into the back-end and actually look at how the account has been accessed—from what IP address, whether it was a login or a hack or something, what time. WordPress is supposed to have good security measures, so I’m really counting on staff this time.

    I think it might have been partially my fault, because my old password was not that difficult to figure out, if you know me. I’ve since changed it, and it shouldn’t happen anymore, unless that person is a hacker.

    To staff: if anyone could help with this ASAP, it’d be greatly appreciated. Were it any other issue, I’d have absolutely no problem being patient and waiting a few days, but this is a major violation of personal privacy and security, and I would really like to have peace of mind. I don’t want to have to close my entire account, but this person is really forcing me to consider that…. Thank you!

    #1944345

    druesome
    Staff

    Hello there!

    I’m not seeing anything amiss in your access logs that would suggest that someone had tried to hack your blog. Since you have no invited users, logging into your account would be the only way to view it.

    Aside from changing your password, I strongly advise that you activate two-step authentication on your account.

    http://en.support.wordpress.com/security/two-step-authentication/

    Let me know if you have additional concerns. Thank you!

    #1944363

    doraseee
    Member

    Thank you for checking in on the issue so quickly! I will activate 2-step authentication from now on as well.

    Is there a way to check access logs to see times/locations of logins? Something similar to Facebook, where you can check where you’ve logged in, and it gives you info on time & date of access, device name/type, location… As I mentioned before, I’m considering using this as evidence for potentially filing a restraining order once I really can’t take it anymore, so any & as much detail that is available to me would be wonderful. I don’t know if this is something I can request to have sent to me, or if I actually need a subpoena to gain access to that info? Thank you so much!

    #1944395

    druesome
    Staff

    Hi there!

    Right now we don’t offer a way for you to see the times and locations of your logins. Sorry about that! I do see that you’ve enabled two-step authentication. This should further secure your account and prevent any unauthorized access. If you had other questions, let me know. Thank you!

    #1944397

    doraseee
    Member

    Hi, and thanks for all your assistance!

    I know that right now there’s no way for me to see times and locations of logins through the WordPress interface, but I’m sure you have that information in my access logs, correct? Is that something I can request to be sent to me to keep as records (due to the unique and sensitive nature of this issue)? To put it bluntly, right now, I need proof. Black-and-white proof. Documentation. This information is probably not given out normally, but given the situation, it was my account that was compromised, so even (especially?) if it was not me who accessed the account, as account owner, I should be able to request that the information be made available to me. Thank you!

    #1944398

    doraseee
    Member

    Also, is there a way to continue this conversation privately, and delete this topic/question from the forum? I don’t want my stalker to know 1) that I found out about his breach, and 2) any progress I make on collecting evidence. I hope you understand, due to the sensitive nature of the issue at hand.

    Again, thank you so much!

    #1944399

    timethief
    Member
    #1944400

    doraseee
    Member

    Hm… yes, it is informative. Thank you, timethief. But, I am the owner of the account, so I should be able to request the information without a subpoena/warrant/etc, since I am the owner of the compromised account, I am the user, and it is my own account information that I am requesting access/documentation. That person used MY login to access my account.

    Now, if my understanding of the policy is correct, if that person somehow accessed my account using his/her own account, and I were requesting info about that account login, it would be a problem. But, as I’ve mentioned like a broken record already, I’m requesting access to MY own account, which was broken into.

    Yes, I know that I didn’t previously have two-step authentication enabled, because I am not a smartphone owner nor do I use my cell phone frequently enough to make it convenient to enable two-step authentication, but that shouldn’t factor into a denial of the request. What if I didn’t have a cell phone? WordPress staff (druesome) has been great so far at answering my questions and helping to resolve the issue, so I don’t think they’d say [essentially], “It’s your own fault your account wasn’t secure enough, that the other party figured out your password, so we’re going to deny you access to information about YOUR OWN ACCOUNT that you legally have access to.”

    But I’ve since learned my lesson, and enabled two-step authentication even if it’s more inconvenient when signing in. And I would greatly, greatly appreciate it if I could just obtain the documentation for my own account.

    Thank you again for your time and effort in this matter!

    #1944402

    doraseee
    Member

    Also, I just checked my stats on a whim, and discovered that someone else has visited my blog within the last hour, from another country outside my country. The visitor was referred from a Google search, but I don’t understand how a Google search landing on a private blog will count as a hit. (I just tested on a different, not logged in browser on my computer, and no, it doesn’t count as a hit). I also still have not invited anyone to read. Could it be staff checking/testing the account by perchance?

    I’m sorry for seeming paranoid… other bloggers check stats to look for reader numbers, I check to make sure no one’s reading….

    Thank you!

    #1944419

    druesome
    Staff

    Hey there,

    When your blog is accessed elsewhere, it means that someone may have chanced upon your blog somehow. Rest assured that the visitor was not able to see anything because of your privacy settings. These random occurrences are taken into account in your stats, but shouldn’t be any cause for alarm. If you have any additional concerns, please don’t hesitate to let me know. Thanks!

    #1944420

    doraseee
    Member

    Can you please answer my previous question? I pretty much know who it was, because the country from which my blog was visited was the same as the one that caused me to privatize my blog in the first place. Not only that, the person clicked on something to go to a tag filter. I’m pretty sure that was NOT a random occurrence.

    How come when I try to access my blog without being signed in, I get the privacy settings message, but it’s not counted into my stats?

    #1944421

    doraseee
    Member

    Sorry, I know who it is, but I need documentable evidence. Deducing that the person who logged into my account based on screenshots of my stats is circumstantial, and I need something more specific.

    #1944422

    druesome
    Staff

    Hello again!

    Please be assured that your blog is set to private and properly secured with two-step authentication. When someone visits your blog, they will be met with this screen:

    And will not be able to go beyond that.

    > How come when I try to access my blog without being signed in, I get the privacy settings message, but it’s not counted into my stats?

    If you are logged in as administrator on your blog, your visits are filtered from your own blog’s stats.

    http://en.support.wordpress.com/stats/

    > Deducing that the person who logged into my account based on screenshots of my stats is circumstantial, and I need something more specific.

    I’m afraid that apart from the information available in your site stats, that’s all the information we can give you.

    Thanks!

    #1944461

    doraseee
    Member

    So, we went full circle and in the end, none of the assistance or information I initially requested was actually given.

    I personally have tested multiple times, and when I am NOT logged into my account, and try to access my blog, I get the privacy settings message, AND it’s not counted in my stats. When my blog was public, my own visits were filtered out from my blog’s stats. I don’t understand why you’re giving me contradictory and inaccurate information.

    A final request, since I’m pretty sure that the info I need will never be provided: given the nature of these privacy issues, and the giant runaround I was given, could you at least delete this thread, or delete my username from this thread? And I KNOW it can be done. As mentioned before, this is a privacy issue, and I don’t appreciate the fact that a simple Google search of my username brings up this forum on the front page.

    I’d like to be able to tell people that WordPress at least tried to help protect my privacy when it was breached. Thanks.

The topic ‘HELP!!! My private blog is being accessed, and I didn't invite anyone to read.’ is closed to new replies.