Is this a new Word Press hack or what? - GoFuckYourself.com

Yamato · 06-27-2025, 11:07 AM

So, I have this old site on WordPress, and it has all updates installed, so it’s fully patched. Out of the blue, I started getting emails about new users registering and then requesting lost passwords. All of them are coming from the usual suspects—Bangladesh, India, Indonesia, Cambodia, Brazil, etc. The emails they’re registering with look legit and mostly corporate. What’s going on?

cerulean · 06-27-2025, 11:25 AM

Do you have WordFence installed?

This is a pretty common tactic, to use password lists and bombard a site with login and registration attempts looking for vulnerabilities and existing accounts. If they find an active account, the tactic might change. My WordPress sites that employ WordFence have tons of logs of these things happening.

Yamato · 06-27-2025, 03:12 PM

Quote:

Originally Posted by cerulean

Do you have WordFence installed?

This is a pretty common tactic, to use password lists and bombard a site with login and registration attempts looking for vulnerabilities and existing accounts. If they find an active account, the tactic might change. My WordPress sites that employ WordFence have tons of logs of these things happening.

Yes, its WordFence email me these emails every few seconds. It was installed with WP and suddenly started to email be this brute force attempts earlier this week. I wonder if its new version that turned off notifications and now bombarding me because I see summary and it shows same thing happened last week.

fris · 06-27-2025, 05:35 PM

best to block all connections except your from wp-admini do that allow from my ip deny from all so they ant even reach the login page.

cerulean · 06-27-2025, 07:04 PM

Quote:

Originally Posted by Yamato

Yes, its WordFence email me these emails every few seconds. It was installed with WP and suddenly started to email be this brute force attempts earlier this week. I wonder if its new version that turned off notifications and now bombarding me because I see summary and it shows same thing happened last week.

That's possible. WordPress accounts for half the websites out there. There are a lot of vulnerabilities from years past, and a lot of malicious actors trying to break into these sites. It's very lucrative to get a crypto bot running or steal user data.

You would do well to have your web developer audit your site and have your host do a cursory anti-malware scan, just to be safe.

Shoplifter · 06-27-2025, 08:03 PM

Quote:

Originally Posted by fris

best to block all connections except your from wp-admini do that allow from my ip deny from all so they ant even reach the login page.

This.

Make a Cloudflare WAF custom rule to block wp-login.php.

TubesBooster · Yesterday, 03:01 AM

Check if you have updated not only WP, but also plugins and themes, because themes are very often hacked, primarily those that come pre-installed with wordpress. If you don't use them, uninstall them completely.

Okaro · Yesterday, 05:19 AM

For login i change the wp-login page with this plugin: WPS Hide Login

Light and easy.

fris · Yesterday, 07:51 AM

Quote:

Originally Posted by Okaro

For login i change the wp-login page with this plugin: WPS Hide Login

Light and easy.

still can find it easily, best to just add a rule in your webserver to block all except your ip.

blackmonsters · Yesterday, 09:13 AM

Also install Fail2ban on your sever.
It will ban IP addresses that try login too many times.

https://github.com/fail2ban/fail2ban

06-27-2025, 11:07 AM	#1
Yamato Confirmed User Industry Role: Join Date: Apr 2023 Posts: 148	Is this a new Word Press hack or what? So, I have this old site on WordPress, and it has all updates installed, so it’s fully patched. Out of the blue, I started getting emails about new users registering and then requesting lost passwords. All of them are coming from the usual suspects—Bangladesh, India, Indonesia, Cambodia, Brazil, etc. The emails they’re registering with look legit and mostly corporate. What’s going on? __________________ FOR SALE: JAV model portal with FHG import \| Geo Landing Tools \| eRome downloader \| Jigsaw puzzle landing and other cool shit

06-27-2025, 11:25 AM	#2
cerulean Web & App Development Industry Role: Join Date: Oct 2023 Location: United States Posts: 134	Do you have WordFence installed? This is a pretty common tactic, to use password lists and bombard a site with login and registration attempts looking for vulnerabilities and existing accounts. If they find an active account, the tactic might change. My WordPress sites that employ WordFence have tons of logs of these things happening. __________________ Cerulean Software Specializes in Website and App Development. Email me today! Keep Your Business and Members Area Secure with LoginBlue Password and Content Protection

06-27-2025, 05:35 PM	#4
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,339	best to block all connections except your from wp-admini do that allow from my ip deny from all so they ant even reach the login page. __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

Yesterday, 03:01 AM	#7
TubesBooster Confirmed User Industry Role: Join Date: Oct 2024 Posts: 29	Check if you have updated not only WP, but also plugins and themes, because themes are very often hacked, primarily those that come pre-installed with wordpress. If you don't use them, uninstall them completely. __________________ Tubes Booster – Next-Gen Video - Tube CMS AI · VAST · Video Grabbers · SEO · Monetization · New Features Every Week www.tubesbooster.com • [email protected]

Yesterday, 09:13 AM	#10
blackmonsters Making PHP work Industry Role: Join Date: Nov 2002 Location: 🌎🌅🌈🌇 Posts: 20,304	Also install Fail2ban on your sever. It will ban IP addresses that try login too many times. https://github.com/fail2ban/fail2ban __________________ Make Money with Porn

Yesterday, 05:19 AM	#8
Okaro Confirmed User Industry Role: Join Date: Jan 2020 Location: Spain Posts: 38	For login i change the wp-login page with this plugin: WPS Hide Login Light and easy.