Spam email sent from my [email protected] account

Assuming that your site has not been compromised, and that there are not unknown admin-level user accounts, then this could just be a case of mail spoofing. (Where a person places your email address as the ‘from’, but the email is really being sent by an external process.)

I’d change all credentials (hosting, FTP, admin-level users). Then look for unauthorized admin-level users. I might also create a new admin-level user with a strong password, log in as that user, then change the old admin user to a lower level (subscriber, for instance).

I might also look for evidence of site compromise. Update everything (WP via the Admin, Update screen, themes/plugins manually via FTP). Then look at all folders for files that shouldn’t be there (they will have different timestamps because you updated everything). Also check the htaccess file.

And check generated pages page source for unusual code. I created a process to de-hack a site here, perhaps that would be useful to you. (There are many googles/bings/ducks about that subject also.)

Related Posts:

  1. how to reduce the number of spam comments
  2. A spam bot loves me, what can I do?
  3. How to spam-filter a custom content type with the Akismet plugin?
  4. Getting trackback spam, even with trackbacks disabled
  5. How to block a someone from commenting?
  6. Reducing spammy user sign-ups
  7. How to reduce spam
  8. How do I permanently disable Pingbacks?
  9. What are all these spam subscribers doing here?
  10. How to disable WordPress trackbacks?
  11. How can I delete all my existing trackbacks?
  12. How can I delete all users which have never commented / have posted spam comments?
  13. Comment Spammed vs Trashed
  14. Contact Form 7 being hijacked to send spam? [closed]
  15. getting casino links on my woocommerce site [closed]
  16. How to locate & delete hidden pages on a site
  17. How is my non-published blog getting so much spam?
  18. Contact Form 7 Plugin send emails to my Gmail as spam [closed]
  19. Automated spam being caught in 2 posts. Can this be used to help get rid of spam on everyone’s sites?
  20. WordPress Site has 35K spam images
  21. WordPress Phone Verification
  22. Is the tagline area spam-bot proof?
  23. How to block spam blocks pointing to a same website [closed]
  24. WordPress VPS out of Memory Problem
  25. Is it possible to determine proxy based comments?
  26. How to track down a phantom contact form?
  27. How to get rid of spam forever?
  28. Spams, Scams on WordPress site – what to do?
  29. Auto block ALL IP’s indicated by Akismet?
  30. Simple comments spam solution
  31. How to stop people from using my domain to send spam? [duplicate]
  32. Why do I get comment spam even with Akismet and Captcha?
  33. Tips for finding SPAM links injected into the_content
  34. How to deal with small scale comment spam on small commercial sites? [closed]
  35. What methods should be used to fend off splogs in a multiuser install? [closed]
  36. How to remove comment spam in WordPress
  37. How is comment spam received without a comments form?
  38. Local wordpress setup with SPAM in the incoming links dashboard section?
  39. How to prevent spam users registering even with registration disabled
  40. Allow anonymous comments, but prevent spam [closed]
  41. How exactly does Bad Behavior plugin work?
  42. Is there any advantage to emptying comment spam?
  43. Why do I get email notifications about comments that WordPress has already determined are spam?
  44. Number of External Links in Comments – Moderation Option
  45. Comments screen in backend, how to disable Quick Edit | Edit | History | Spam | for non admins
  46. Check spam in custom form – akismet
  47. Mass delete spam accounts
  48. What is the best way to avoid spammers registering to my blog?
  49. What do spammers gain by signing up as a user?
  50. Strategies for coping with hyperagressive spambots?
  51. Remove default user registration, login and subscriber profiles
  52. How to expire all wordpress user passwords instantly?
  53. 14,000 WordPress Users. How did they get there?
  54. Invisible spam post in backend
  55. Auto delete WordPress users according to time
  56. How to make a secure blog that is completely private?
  57. Auto delete comment if Contains
  58. How do I programmatically set a user as spam in BuddyPress? [closed]
  59. All users/comments suspected as bot? [closed]
  60. Spammers attacking my WordPress Site – Removing URL field from core? [closed]
  61. Emails not getting delivered to Hotmail addresses
  62. Getting thousands of registration spam
  63. What do comments with […] mean?
  64. How to use a 3rd party library to send emails?
  65. oembed_cache SPAM problem [closed]
  66. How to find a spam link?
  67. Multisite signup spam troubles
  68. CAPTCHA plugin where I can use my own images and ask my own questions? [closed]
  69. reCaptcha doesnt appear in comment (manual or plugin)
  70. Make every comment go to the spam folder
  71. Database hacked – random posts are modified
  72. Anonymous spam comments when only registered users can comment
  73. How to stop direct HTTP POST to a PHP script?
  74. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  75. How to add captcha to publish widget
  76. Prevent Registration Where Role is None?
  77. Auto post Spams on my wordpress blog?
  78. CPU overload spam – redirect link to wp-admin and new post
  79. WordPress site member verification emails going to spam on Outlook
  80. Block to accept and send email to specific domains
  81. Getting hundreds of spam orders in WooCommerce with failed stripe payment [closed]
  82. Spam Content Serving from old cached version of site?
  83. Why does my admin email address keep changing to something random?
  84. I want to change the WordPress comments file
  85. Automatically reject a comment if website field contains anything
  86. Spam written by registred users
  87. Site has fake users registered with a similar pattern in username and email
  88. Comment moderation
  89. Prevent incoming $_GET requests
  90. Hold a comment in the queue if it contains [X] or more links
  91. Prevent registration except through form
  92. Contact form spam, without form?
  93. How do spam users register while I’ve only enabled registration by Gmail via Janrain?
  94. Auto-deleting comments that trigger the blacklist
  95. Stop Authors from submitting spam post
  96. comments are going to spam
  97. How can I prevent wordpress from sending emails
  98. Can admin-ajax.php be used for spam purposes? And if yes, how to prevent that?
  99. How to hide and disable URL and email fields from comments?
  100. Dealing with HTTP w00tw00t attacks