Last days I’ve received multiple password recovery attempts for a WordPress user. The user didn’t initiate these attempts.
I’m blocking the IP’s on the server, but I don’t see what the goal of the attacker is. I checked the mails the user receives, and they contain a valid password reset link (so no phishing attempt).
So I don’t really understand what the attacker is trying to achieve with these password recovery requests. Or are they just checking for vulnerabilities on that page?