Somebody else automatically logs into my account

  • I experience the following problem:

    I logged into my WordPress account from a friend’s computer some time ago. I wrote an entry and probably forgot to log out again. When she posted a comment, it logically appeared to be made by me.

    I then visited her at home, logged her out and changed my password.

    Nonetheless, she still is automatically logged in when visiting my site. I already changed my password twice, but it doesnt change the fact that WordPress recognizes her as me. Even when she herself logs out on the comments panel, the same thing happens again the next day.

    The password is now quasi-random, so even if she was malicious – which can’t be the case, otherwise she wouldn’t notify me about this – it’s not likely that she could break in.

    I don’t know a solution and I can’t explain this phenomenon. Any help?

Viewing 9 replies - 1 through 9 (of 9 total)

  • Try clearing her cache and cookies.

    When you say she is logged in as you, what can she do ? Get into the admin screens ?

    change your password and then try to login with the old password to make sure it took the new one

    also take a look at the “users” section to see a list of site users

    Thread Starter zephon

    (@zephon)

    Thank you both for your replies.

    @podz
    If I remember correctly, I didn’t want to delete her cookies – I should have done so. I asked her if she could get to the admin screens – she can’t anymore since I changed the password the last time and she logged out.

    @m4c3w4n
    I made sure both times that the new password was set up correctly. I myself had of course to log in again. I’m not sure what you mean by “list of site users”. She was not a registered user inside WordPress – it only remembered the field entries in the comment area. As a workaround I registered her yesterday, though. I thought this might overwrite any existing setting… I’m not sure if it worked, I have to contact her again.

    I’m also not sure how the login works. Does it work as follows: You log in, the MD5 encryped password is stored alongside the user data (nick, page etc.) as a cookie. When you come back, the password in the cookie is compared to to the actual one. Right?

    Right.

    Thread Starter zephon

    (@zephon)

    Alright, but WordPress doesn’t check for the password at the comments page, does it? If the cookie says “logged in as X” it doesn’t do a password check but posts the comment in the name specified in that cookie, right? Even if that’s the Administrator – and not just somebody else using that name – the comment is highlighted, and that only happens with logged in users.

    my problem is the same thing.. it seems that WP does nto auto-log out people when then close the browser

    Here’s a plugin that will allow you to set the login cookie expiration:

    https://www.freemoby.com/2005/05/21/wordpress-plugin-cookie-timeout/

    I have the same problem.

    I am used to just closing the internet browser, and not logging out correctly.

    I have become aware that you NEED to click on logout before you leave your computer, otherwise other people will be able to access your username…

    Going to try the above link.

    Thread Starter zephon

    (@zephon)

    Thank you, I will try to use the plugin. Nevertheless: The user who had found himself being logged in as myself DID do a logout – so the cookie should have been erased…

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Somebody else automatically logs into my account’ is closed to new replies.

Tags