How can I tell who changed the password?

We recently had an employee leave our company. When they left, I changed all their passwords and removed their email access etc. I also changed the password on our WordPress site for the Admin login, and the primary email to my own. But I didn’t change my own email password.

Yesterday, I received two emails from WordPress saying that there had been a password reset request. One of the emails had been clicked on (you can tell this in Gmail) and the password to our WordPress had been changed. I immediately changed it back again and then changed my own email password.

Is there any way I can track who requested that password change, and who accessed my email? (We use Gmail through Google Apps here.)

I have my suspicions it was our old employee as she could have found my password and made a note of it before leaving. But I can’t tell what she did in WordPress when she was in there, and if in fact it was her.

Thanks for your help.

2 comments

  1. You could log all attempts to get the lost password email:

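    add_action( 'retrieve_password', 'log_password_requests' );
    
    function log_password_requests( $user_name_or_email )
    {
        // Save the user name or email plus the IP address in an option.
        // 'password_request_log' is an example option name; behind a proxy, REMOTE_ADDR is the proxy's address.
        $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        $log   = get_option( 'password_request_log', array() );
        $log[] = array( 'time' => current_time( 'mysql' ), 'login' => $user_name_or_email, 'ip' => $ip );
        update_option( 'password_request_log', $log, false ); // false: do not autoload the log
    }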
    
  2. If you are able to access server logs (e.g. Apache), then you can search the access.log for all requests to wp-login.php?action=lostpassword. You might be able to identify the IP address from which the request originated. But otherwise, WordPress does not maintain an audit log which would indicate who requested the change.
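The access-log search suggested in the second comment, as an added example that is not code from either commenter. It assumes Apache's common/combined log format and goes slightly beyond the comment by also matching the `rp` and `resetpass` actions that WordPress uses when the e-mailed reset link is opened; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined prefix: client IP, identd, user, [time], "METHOD URL PROTO", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# wp-login.php actions in the reset flow: the request form/submit, then the e-mailed link.
RESET_ACTIONS = {"lostpassword", "retrievepassword", "rp", "resetpass"}


def find_reset_requests(lines):
    """Return one dict per wp-login.php request that belongs to the password-reset flow."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line or a different log format
        url = urlsplit(m["url"])
        if not url.path.endswith("/wp-login.php"):
            continue
        action = parse_qs(url.query).get("action", [""])[0]
        if action in RESET_ACTIONS:
            hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                         "action": action, "status": int(m["status"])})
    return hits


# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:09:14:02 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:09:14:20 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2013:09:15:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:09:16:45 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=admin HTTP/1.1" 200 2500 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2013:09:20:00 +0000] "GET /index.php?action=lostpassword HTTP/1.1" 200 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for hit in find_reset_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["method"], hit["action"], hit["status"])
```

The result gives an IP address and timestamp, not an identity, and behind a reverse proxy or CDN the logged address is the proxy's. The timestamps can be compared with the times of the WordPress reset e-mails to line up the request and the click on the link.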