Roberto von ArchimboldiCan Mastodon help? Our little charity's wordpress keeps trying to send me a password reset link. What is going on? It says that the reset request is coming from 222.167.186.247. What do I do?
Michael Jordan 
@RobertoArchimboldi
Unless you have charity workers in Hong Kong, this is likely an attempt by bad actors trying to get access to your WordPress.
No need to be worried. They are trying an amateur way to break in.
There is a useful add-on to WordPress called “WordFence”. It gives you more options when people like this make these attempts. Like blocking that IP from reaching your server for any amount of time you choose (hours or days). This makes them lose interest and move to other WordPress sites.
I use it on WordPress sites I manage and it is reasonably priced.
@jordanmd thank you. I will check it out.
Weirdly it was mostly my user that was trying to reset. I guess my name is on the website. But the admin user is called 'admin' which would seem a more obvious name to try
@RobertoArchimboldi
These are most commonly automated attempts. I am surprised you don’t see these links for the admin user.
These are most commonly automated attempts. I am surprised you don’t see these links for the admin user.
@jordanmd It scared me. Thank you so much. I installed the free version of wordfence for now. I will talk to the charity about paying for the up to date protection.
It also transpires that somehow in updating our server to bookworm and WordPress to 6.9.3, some permission has been mis-set and I can't upgrade to 6.9.4 or manage the wordfence firewall. This will be a job for tomorrow. We need a proper system admin back :(