Does WordPress have a major security hole in the comment system? (6 posts)

  1. goldsztajn
    Member
    Posted 3 years ago #

    I have been using WordPress since about 2.2 and one thing I have noticed on all versions since that time is that comments or trackbacks can be submitted to my sites even when I have all comment and trackback facilities turned off.

    Because all of these had to be approved, it has never been a problem, since I simply deleted everything as spam. However, there have been some recent major hacks to my websites and this seems to be one area which the techs I am working with are interested in. Does anyone else know of this?

    I'm upgrading now to 3.0.1 but would like to know if this was and/or remains a problem with the new version.

  2. Samuel B
    moderator
    Posted 3 years ago #

    the only security problem known at the moment is
    http://wordpress.org/support/topic/possible-cross-scripting-vulnerability?replies=4

    spam 'bots seem to be able to ignore the rules
    I recommend this plugin
    http://wordpress.org/extend/plugins/bad-behavior/

  3. goldsztajn
    Member
    Posted 3 years ago #

    Thank you for the reply. It is rather disconcerting that this can happen.... Any reason why this kind of problem has not been dealt with? Using a plugin to block the spam bots seems to be dealing with the symptoms and not the cause.... (I upgraded to 3.0.1 just two hours ago and already the same problem).

  4. Samuel B
    moderator
    Posted 3 years ago #

    it's not as simple as you think
    you can google for lots of answers

  5. goldsztajn
    Member
    Posted 3 years ago #

    I have tried googling this repeatedly and never found a satisfactory answer other than hacking out the comment code with every single install of WordPress (which either way would still be dealing with symptoms and not cause). Sorry if you think I implied it is "simple", that wasn't my intention; it's obviously not simple because the problem has remained for so long.

  6. Samuel B
    moderator
    Posted 3 years ago #

    and it's not just WordPress - it's any software with a commenting system

This topic has been closed to new replies.