There’s a measure in our setup to prevent discovery of your usernames by preventing scans of ‘/?author=N’, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps.
However we’ve noticed a small increase in password reset activity to firstname.lastname@example.org
We know these are not authentic password resets as the IP addresses are not local and in quite a number of the cases the email address info@ simply doesn’t exist.
As far as we know no harm can arise … but if you are concerned, or think you have done something you’d rather not have, drop us a line and we can take a look.
Preventative action might involve auditing your passwords in one of the following ways.
- Check whether your email address has ever been compromised in a data breach.
- Check whether you use the same password across multiple websites (this is very common)
- If you use a simple password, ensure you change it for a hard to guess one.
- Use your browser’s password manager to store passwords.