FYI, I received a notice regarding hacked passwords. There’s no indication that IPR has been hacked, but it was an alert that I felt was worth responding to.
I also noticed that a particular (unnamed) author account had several failed login attempts. The account had not posted any new articles in years. I deleted the account and as part of that attributed its old posts to me. So there will be hundreds of old articles that indicate I wrote them when I didn’t. Part of the hassle of running a website. That author still has a regular subscriber account as well.
Anyway, it’s my suggestion that all users change your passwords both here and on other websites. Here it is particularly important for authors and editors. There are only three site admins now. I removed two old admin accounts.
I don’t think most hackers would bother targeting IPR, but it still seems wise to take some steps for security.
Keep up the good work.
Well shit… not only is this site not fun anymore but now we get bent over as well! Shit!
Any wordpress site on the internet is almost guaranteed to be a target of automated 24/7 brute force attacks simply b/c the default enabled XML-RPC module allows WP to serve as a very nice botnet vector.