How can someone have found my username and email?

  • Resolved marywt

    (@marywt)


    3 years, 11 months ago

    The site is on https, yet yesterday I recived two messages from WordPress that requests to change passwords had been received.
    The first one was for a user with the email address X@YYYYYY
    The second one was for a user with the username zzzzzzz

    The username zzzzzzz is the the one with the email address X@YYYYYY so both requests were targetting the same user.

    Two days ago as a strengthening exercise I made this new user as my administrator account and deleted the old admin account which had a less complex user name.

    I have changed the password for the email address from my hosting control panel, and made a new email address for my replacement admin account with I have created to replace the one the emails were connected with and deleted that user.

    I have run a full scan on my computer in case I had a problem but the scan is clear.

    All the sites plugins and WordPress version are up to date and wordfence is running so how did someone in the last couple of days find the complex username and email address?

    This has got me worried so any help will be gratefully received, I am concerned there is a vulnerability somewhere.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter marywt

    (@marywt)

    The message about an attempt to recover the password for the user was a WordPress alert but the one about the email address was a wordfence alert.

    This email was sent from your website “ZZZZZZZZZZZZZZZZZ” by the Wordfence plugin at Thursday 17th of December 2020 at 09:39:54 PM
    The Wordfence administrative URL for this site is: xxxxxxxxxxxxxxxxxxxxxxxx
    Someone tried to recover the password for user with email address YYYYYYYY

    Please help. Thanks, Mary

    Plugin Support WFAdam

    (@wfadam)

    Hello @marywt and thanks for reaching out to us!

    I definitely understand your concern with this matter. Let’s try to find where this request is coming from. If you navigate to Wordfence > Tools > Live Traffic page and lets scroll to the time you got the alert, December 17th at 9:39:54 PM.

    If you could expand the result by clicking on it, and send it to me via wftest @ wordfence . com and put your forum username as the subject so I can find it easy.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How can someone have found my username and email?’ is closed to new replies.