There’s a measure in our setup to prevent discovery of your usernames by preventing scans of ‘/?author=N’, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps.

However we’ve noticed a small increase in password reset activity to info@yourdomain.what.ever

We know these are not authentic password resets as the IP addresses are not local and in quite a number of the cases the email address info@ simply doesn’t exist.

As far as we know no harm can arise … but if you are concerned, or think you have done something you’d rather not have, drop us a line and we can take a look.

Preventative action might involve auditing your passwords in one of the following ways.

  1. Check whether your email address has ever been compromised in a data breach.
  2. Check whether you use the same password across multiple websites (this is very common)
  3. If you use a simple password, ensure you change it for a hard to guess one.
  4. Use your browser’s password manager to store passwords.