Phishing mail Wordpress Admin

Question

I received several mails from wordpress@mydomain.tld inviting me to connect to my administration area to moderate comments.

Example : WordPress 10/21/2013 04:22:00 A new comment on your post is waiting for your approval. Comment: [...] You have new comment! Go link ... [...] Please visit the Administration panel: Sing in

Link in "Si*ng* in" redirects to a phishing page. I made several changes by changing the administration of wordpress email, but I continue to receive these messages.

I wonder if it is possible to stop sending mail wordpress@ mydomain.tld

Answer 1

I always change the default email account that Wordpress uses to send mail to something unique because of this very reason. There is no way you can prevent scammers from imitating an email address.

There are several plugins that will change the Wordpress From Email info, but to do this programmatically you can use:

function hidden_mail_from($old) {
 return 'wordpress_secure@yourdomain.com';
}
add_filter('wp_mail_from', 'hidden_mail_from');

function hidden_mail_from_name($old) {
 return 'My Wordpress Install 1234';
}
add_filter('wp_mail_from_name', 'hidden_mail_from_name');

If you aren't a developer I would recommend the SMTP plugin: http://wordpress.org/plugins/smtp/

And most of the other SMTP plugins on the Plugin Repository: http://wordpress.org/plugins/search.php?q=SMTP

If you are really interested you can look at the mail headers in your email client to determine the origin server of the email and potentially create a rule to filter spam out based solely on that header but the plugins are much easier.

Answer 2

No, you can't stop someone else from pretending they are sending email from your domain. Best you can do is change the email address your wordpress instance sends email as, and then mark any email coming from the old email address as spam in your email client of choice.