Bogus new admin email notifications?

  • Resolved sffandom

    (@sffandom)


    6 years, 7 months ago

    We use the “Auto Update Plugins” plugin on multiple sites and it appears that Jetpack has been installing updates for the past few hours.

    In that time I have received numerous emails from various blogs I manage, informing me that a new admin email has been set.

    When I look at the “new_admin_email” field in the WP_OPTIONS table for these sites, the value is the same as the existing “admin_email”, so clearly no one is requesting that the admin email addresses be changed.

    I expect a flood of bogus email notifications because of this problem. As far as I can see, Jetpack is the only plugin to have been modified (updated) on these sites since April 26.

    Is Jetpack causing this problem? Is there a safe way to disable these notifications?

Viewing 6 replies - 1 through 6 (of 6 total)

  • Same problem here – lots of bogus new admin email notifications from wordpress.com. Wordfence is also ringing alarm bells about Jetpack:

    This file belongs to plugin “Jetpack by WordPress.com” version “6.1” and has been modified from the file that is distributed by www.ads-software.com for this version

    Perhaps the release hasn’t been properly tested or managed. But I’m worried about a security breach.

    • This reply was modified 6 years, 7 months ago by jstallard. Reason: I want follow-up replies
    Plugin Author Brandon Kraft

    (@kraftbj)

    Code Wrangler

    Howdy y’all,

    This is something we missed. We started noting the admin email address which ended up triggering WordPress.com’s notification system unintentionally, which sent the e-mails you saw. I disabled the notifications about 12 hours ago (02:32 UTC) so you will not see any additional e-mails.

    There is no security threat or breach and no action is required for those messages. I’m sorry for the hassle and worry. We take testing releases very seriously and it was a bit of a perfect storm that led to the particular condition that triggered the notification to be missed pre-release.

    Thread Starter sffandom

    (@sffandom)

    Thanks for the update. I saw the notifications had stopped but wasn’t ready to say the problem is resolved for me.

    Thanks Brandon, that’s good to know.

    How come Wordfence is telling me that the Jetpack files in my installation differ from the ones in the repository? I have autoupdate turned on.

    Thanks
    Jackie

    Plugin Author Brandon Kraft

    (@kraftbj)

    Code Wrangler

    Hi Jackie ( @jstallard) – Apologies for the delay; I didn’t see this reply until now.

    I’m not sure why WordFence would be seeing that. To be safe, you may want to fully delete Jetpack and re-install it. I’m not aware of a reason from our end why there would be a difference.

    Thanks Brandon, will do ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Bogus new admin email notifications?’ is closed to new replies.