WordPress.org

Ready to get started?Download WordPress

Forums

How are unregistered users posting spam comments - WP 3.0.1? (3 posts)

  1. BillyRayPreachersSon
    Member
    Posted 3 years ago #

    Hi,

    I'm using the latest WP, v3.0.1 for my blog. In my "Discussion" settings, the following settings are definitely enabled:

    - Comment author must fill out name and e-mail
    - Users must be registered and logged in to comment
    - Comment author must have a previously approved comment

    I'm also using the WP-reCAPTCHA and reCAPTCHA Form plugins, which are both fully up to date.

    Today, two users who are not and have never been registered on my site have managed to post comments that were immediately surfaced on the front end.

    This opens up two questions:

    1) If I have the "Users must be registered and logged in to comment" option set, how are to unregistered users able to post comments?

    2) Even if they were registered users, given I've got "Comment author must have a previously approved comment" enabled, how were they able to bypass the approval process?

    Is this a new unknown security hole, or am I missing something?

    Thanks!

    Dan

  2. GeoffreyG
    Member
    Posted 3 years ago #

    I am seeing this as well, and it is really annoying...does anyone know how to fix this problem? I have it set to require users be registered, but that doesn't seem to stop it from happening. Any ideas about how to fix this problem?

    Thanks,
    GeoffreyG

  3. Paul Whitener Jr.
    Member
    Posted 3 years ago #

    There is a more recent thread where a solution to this issue is evolving:

    http://wordpress.org/support/topic/spam-bypassing-comment-registration?replies=4#post-2111714

Topic Closed

This topic has been closed to new replies.

About this Topic