New Logins & Password Reset for Users

  • Posted in : Efor
  • BeatriceNdura
    Participant
    9 May 2025 at 12:24
    #93295

    I keep getting updates of new users’ login information in our emails even after placing captcha to get rid of the robots logins. I also get the admin’s login password changed every time. What could be the problem?

    BeatriceNdura
    Participant
    9 May 2025 at 14:36
    #93297

    I logged in via host and setup the new password.
    Kindly check why there are users login without our consent.

    serkan
    Moderator
    9 May 2025 at 20:57
    #93302

    Hi, Thank you for reaching out. I understand your concern about receiving unauthorized login notifications and unexpected admin password changes despite having CAPTCHA in place. This is a serious security issue, and we’ll work to resolve it promptly.

    Use a plugin like Wordfence or Limit Login Attempts Reloaded to block repeated attempts.
    Some bots can bypass simple CAPTCHA systems.
    Use reCAPTCHA v3 (invisible) or hCaptcha instead of basic CAPTCHA.

    Disable default WordPress login alerts if they’re clogging your inbox.

    Immediate Actions:
    Scan for Malware (use a security plugin).
    Update All Plugins/Themes/Core (outdated software is a common exploit vector).
    Audit User Accounts (remove any unfamiliar admins).

    Let me know if you’d like assistance implementing these steps or if you find anything unusual in your scans.

    BeatriceNdura
    Participant
    31 July 2025 at 21:08
    #94358

    I keep getting updates of new users’ login information in our emails even after placing captcha to get rid of the robots logins. I also get the admin’s login password changed every time. What could be the problem?

    This hasn’t changed yet! How can you help please?

    serkan
    Moderator
    4 August 2025 at 14:13
    #94406

    Hi, thank you for sharing the details. I understand the urgency, and I’ll help you secure your site immediately. Here’s what we need to do:

    Critical Steps to Take Now
    Reset Admin Credentials Manually

    Log in via your hosting panel (e.g., cPanel > File Manager) and update the admin password directly in the database (wp_users table) or via FTP by disabling plugins (rename /wp-content/plugins temporarily).

    Disable User Registration

    Go to Settings > General and uncheck Anyone can register.

    Remove any suspicious users from Users > All Users.

    Upgrade CAPTCHA & Security

    Replace basic CAPTCHA with reCAPTCHA v3 (Google) or hCaptcha (more bot-resistant).

    Install Wordfence or MalCare to scan for malware and block brute-force attacks.

    Check for Backdoors

    Malware often reinfects sites even after password changes. Use Wordfence’s deep scan or a service like Sucuri to clean hidden files.

    Temporarily Disable Login Emails

    Plugins like WP Security Audit Log may be triggering excessive emails. Disable them until the issue is resolved.

    Thanks

    BeatriceNdura
    Participant
    11 August 2025 at 20:54
    #94456

    Thank you!

    I did all that and worked magic!

    Thank you once again.

    serkan
    Moderator
    11 August 2025 at 23:28
    #94460

    You are welcome :) We’d be very happy if you can spare a minute to rate the theme on ThemeForest. Your feedback will boost our motivation and help us to work harder on future updates.

    https://themeforest.net/downloads

    Thank you for your support.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in and have valid license to reply to this topic.

License required for the following item
Efor - Coaching & Online Courses WordPress Theme
Login and Registration Log in · Register