SECURITY – wp-activate.php and wp-signup.php | WordPress.org

bdoreste
(@bdoreste)

16 years ago
I am running WP3.0 RC3 with the trunk version of Donncha’s domain mapping plugin and 4 separate blogs.

I want to lock down my install from spamming attempts. Is it safe to restrict access to wp-activate.php and wp-signup.php if I have no intention of opening my install up to blog signups? The only way I would ever create a new blog is from the Super Admin menu.

I already have wp-config.php restricted in my .htaccess file with the following code; can I safely do the same with wp-activate.php and wp-signup.php?
```
<files wp-config.php>
Order deny,allow
deny from all
</files>
```

Viewing 3 replies - 1 through 3 (of 3 total)

Andrea Rennick
(@andrea_r)

16 years ago

Go to Super Admin -> Options.

Turn off signups. Problem solved.

Thread Starter bdoreste
(@bdoreste)

16 years ago

yep, I have signups turned off in Super Admin, and the install returns the ‘registration is disabled’ message, but I came across the following thread on wpmudev.org

http://premium.wpmudev.org/forums/topic/spammer-bypassed-signup-code

Andrea Rennick
(@andrea_r)

16 years ago

Then make sure you have “Let admins add new users” turned off as well.

In the thread you referenced, they’re partly talking about their own plugin that a spammer seems to have bypassed, and the OP had registrations turned ON.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘SECURITY – wp-activate.php and wp-signup.php’ is closed to new replies.

Tags

In: Alpha/Beta/RC
3 replies
2 participants
Last reply from: Andrea Rennick
Last activity: 16 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics