We’ve noticed that every 2 days or so, at random hours of the evening, a random group of users (usually 6 or 7) are receiving a legit Password Changed e-mail from our WordPress website. The e-mails are not a phishing attempt as the emails are coming from [email protected].
We can’t seem to find out what’s triggering those email notifications. It all happens in the span of about 2.30 minutes.
Any ideas?

Error Log –
Versions:
WordPress: 5.3.9
WordPress MS: No
PHP: 7.3.20
WP Mail SMTP: 3.1.0
Params:
Mailer: gmail
Constants: No
Client ID/Secret: Yes
Auth Code: Yes
Access Token: Yes
Server:
OpenSSL: OpenSSL 1.1.1c FIPS 28 May 2019
PHP.allow_url_fopen: Yes
PHP.stream_socket_client(): Yes
PHP.fsockopen(): Yes
PHP.curl_version(): 7.61.1

I tried logging in with the password created by the admin but it was not identified, and when I attempted 'forgot password', it said that the website is unable to send emails. I am currently managing 4 websites and I don't think that should restrict me from being added to one more.
I don't understand why this is happening. Can someone explain?

Let me make this clear.
The email notification from the lost-password endpoint sends the WooCommerce reset password email notification, which I have customised. This is OK.
A customer changing his password from within his my-account page sends a default email notification from my domain [email protected] to his registered email address. Is there a way to change the content and design of that email as well as the ‘from email’ address?
Thank you

Thanks,
TH
I am wondering how to handle email security. I see two general areas which could possibly be vulnerabilities:
* WordPress sending emails as [email protected] (e.g. for new user registration)
* Contact Form 7 sending emails (e.g. you can set [email protected]
It seems to me these are both insecure, and Outlook365 was picking up the emails from Contact Form 7 as spam.
What do people do to make sure their security is not compromised?
Thanks a lot for any input.