Warning: My username on various websites is currently being used in a hacking attempt.
This morning I received close to 30 emails requesting password resets on “Frumph” and “phil” as the username. From sites that I have worked on or helped with in the past.
It is imperative that if I have an account on your system, delete it or verify that the access is down to ‘subscriber’
Important as it is, you NEED to set people back to subscriber after they’re done helping you out, the only person who should ever have consistent administrator access is YOU, no one else. (unless in the case of those people who have a site administrator helping them out, but you get the idea.. no 3rd party people)
– Phil
Update: 4:36am –
.. went through the emails and checked the sites out, .. half of them I don’t even remember ever EVER being involved with but still WordPress sent a password change request????
example: http://www.friedchickenandcoffee.com/
I have no idea who that is.
Update: 2:49pm –
Turns out this happened for a huge amount of people, not just me. Something fishy. I am going to believe that it’s something that has to do with ‘peoples information’ that got stolen/hacked from such places like Chase and Home Depot more likely the yahoo hack that happened recently.
Discussion (2) ¬
This happened to me too, several months ago. With Wordfence it gave me an IP which I used a reverse-IP webtool, and then it made more sense. Its’ a common tactic in Identity Theft called phishing. Often it the attempts won’t be the actual login, unless you’ve left it as default or something that looks obvious (Think ‘Admin’ or ‘Frumph’) and the most common passwords used for wordpress. I think there are options to lower the amount of failed tries someone can do.
I found this useful: https://howsecureismypassword.net/ I have the worst tinfoil set-up of using the maximum allowed character limit and various symbols, capitals and unicode figures. As far as I’m aware no one has gotten logged in, but then it does take several minutes typing in the password. Yet to save time, I’ve downloaded and edit the comicpress files in an IDE then once happy, I then log in to update the layout.
Unfortuately I’ve only updated twice and the sites still a mess, but I’ve found web development books rather useful, and one by Brad Guigar in particular where your advice as a guest writer found inspiration to take another crack at it. So thank you.