Conetix offers Managed WordPress Hosting as part of our hosting services and this features a number of additional items such as managed updates, managed backups and increased security.
As part of this increased security, we take a multi-layered approach so that we adequately protect the website and the data it contains. Part of this includes the installation and configuration of WordFence, a security plugin used by over 3 million sites to increase the security of WordPress driven websites.
One of these features is the check of the WordPress Administrator passwords against a list of passwords which have already been compromised. If this is the case, you may be greeted with a WordPress login like this:
The best way to think of this is if someone has a copy of the keys to your house. It means your house is no longer secure.
This compromise is normally due to password reuse (using the same password on for multiple logins), which we strongly recommend against doing.
Wordfence will prevent you from logging into the site until you’ve gone through the WordPress password reset process, which will validate the reset via a link to your email address.
After resetting your password, we then recommend the following two actions:
- Check haveibeenpwned.com to see where else your credentials may have been compromised.
- Read our article on password security to understand the importance of strong, unique passwords.
More information: https://www.wordfence.com/blog/2018/03/password-leak-attacks-wordpress/