WordPress scam

Part II of hacked 2 times – scary again!

I do not see myself as someone who reacts hysterically to every little thing and I am not the grumbling type. The reason why I write about this topic again is that this could possibly affect anyone with a WordPress account.


Last week I reported on a very nasty hacker attack (Details here). Everything seems to be fine again – hopefully. However, these post-hack issues were not resolved by WordPress, whose answers were in no way helpful, but by the Jetpack team. They resolved the matter quickly and effectively. Thanks again!

But today I got my credit card statement and this definitely seems worth reporting to me.

The hacker not only destroyed my account and almost managed to kidnap my domain, but he also managed to withdraw US $ 6000 via WordPress. Now 6K is not such a small amount and that’s why I asked WordPress to answer a few questions about it. I think my questions were factual and calm:

“Today I received my Visa statement and I was shocked.

1) please check and adjust my payments and let me know what the payments were for – one by one
2) please tell me how it is possible, that such a high amount can be withdrawn from my account without authorization from my side
3) please tell me how this can be prevented in the future.”

I’m sorry to say that the answer I received was definitely unsatisfactory and had the character – like you learn in a course – how to deal with a low-spirited, annoying customer.

The small amounts are ok. But above all, the most important question, how someone can use WordPress to debit my credit card with $ 6000, remained unanswered.

There is also the little thing that EUR 5215 was debited, but I only got EUR 5048 refunded. That’s a difference of US $ 197. That doesn’t make the world end, but the fact that WordPress doesn’t even mind answering that is a bit of a negative surprise.

So I would like to take this opportunity to point out again that there is the possibility of 2-factor authentication, with which a similar scenario can be prevented. At least that’s what I hope.

The majority of my credit card payments are under $ 500. In the past, when I made payments over $ 1-2,000, Visa called and asked for confirmation over the phone. And now $ 6000 is debited without anyone asking ?! That seems like a remarkable security issue to me.

To this unauthorized charge via WordPress. What would have happened if I hadn’t been able to react immediately? (travel abroad, stay in hospital …). The 6k would probably have gone badly.


Comments

19 responses to “Part II of hacked 2 times – scary again!”

  1. Martha Kennedy

    This is really horrible and I don’t think WP was helpful enough.

    1. Zettl

      The failure of WP goes much further. Far be it from me to wash dirty laundry in public, so I only wanted to touch on those points that pose a potential danger to other WP users.

      1. graham mcquade

        I’m sorry to hear of your difficulties. It makes you wonder if having a website and blog are worth it.

      2. Zettl

        I think for most of us here our website or blog are important tools for learning, expression, communication, exchange of thoughts, source for inspiration and much more. We just should not forget that there are people around with another agenda.

  2. swabby429

    This is highly troublesome. Hacking keeps getting further out of hand.

  3. Zettl

    Yes, it is a worrying development. It is imperative that we pay close attention to the issue of security. Both users and providers.

  4. TasView (Tone)

    I was not aware of this potential issue until I stumbled upon your post! Nothing much worse than scammers, thanks for posting.

    1. Zettl

      You are welcome! I guess most of us never thought such could happen that easily. We just run a blog for non-commercial purposes so why should one be hacked….

      1. TasView (Tone)

        I’ve been scammed before, not on WordPress though, not a nice thing to happen. I was left powerless with no help from police or other legal options. It still sucks more than 10 years later. I hope that’s the last of it for you.

      2. Zettl

        Sorry to hear that! So you know the feeling. Powerless is the key expression for sure. I am happy all is fine again but imagining that this guy would have been successful with transferring my domain still makes me shiver….

      3. TasView (Tone)

        I have my domain name enrolled elsewhere, not directly with WordPress, that may prevent or reduce the risk of it happening. I think you can pay WordPress with PayPal too, rather than direct with card. I also pay PayPal with a master or visa card as an extra layer of protection. When I got scammed it was a direct deposit and my bank wouldn’t/couldn’t reverse it, but they can with credit cards. Lesson learnt for me!!

      4. Zettl

        That’s definitely good advice! Many thanks for posting!

  5. Ana Hernandez

    Dear Friedrich Zettl, Perhaps it is late to give a bit of advice, but I also worry about hackers. I keep a small banking card account, not enough money in it to hurt me if I am hacked. And I use PayPal for making payments. They have, in my experience, fairly good security and so I don’t mind in the least paying the commission.

    I’m so sorry you have gone through this bad experience. It’s one we all worry about.

    1. Zettl

      Dear Ana Hernandez, thank you so much for your kind words and helpful advice! Yes, I know now. I have been using PayPal from the start and basically it’s ok. But I had bad experiences there too – this would be another story. This experience came unexpected and yes, it probably would not have happened with PayPal.

  6. Bon Repos Gites

    How horrible! I really hope this is all sorted to your satisfaction now!

    1. Zettl

      Thank you! Yes, all ok again – and a lesson learned 🙂

      1. Bon Repos Gites

        Good!!! That must be a welcome relief but an awful frustration to have endured! Wishing you better days! 🙂

      2. Zettl

        I just found your blog and it is wonderful! I just had a quick read of some articles and will dive deeper for sure. Congrats!

      3. Bon Repos Gites

        Haha, thank you! That is very kind of you to say! I hope you find something of interest! 🙂 Stay well, stay safe! 🙂
