WordPress.org

Ready to get started?Download WordPress

Forums

User Submitted Posts
My site is getting hacked! (4 posts)

  1. vilvintage
    Member
    Posted 3 months ago #

    Hi
    I'm using this plugin to allow users to register and submit posts to my site. All posts submitted like this need to be approved by me before they are published, but I've suddenly started getting lots of smammy posts published on my site (without me approving them). I've checked the logs and my password hasn't been compromised, it looks like they are doing it through your plugin somehow. Can you advise how I can lock this down other then just removing your plugin please?

    Thanks!

    https://wordpress.org/plugins/user-submitted-posts/

  2. Jeff Starr
    Member
    Plugin Author

    Posted 3 months ago #

    Unfortunately, spam is a common problem for any public form. The plugin includes a challenge question, hidden field, and other anti-spam measures to stop automated spam, but a human will still be able to submit whatever spam or other content easily.

    The free version of User Submitted Posts doesn't handle user registration, but the submission form itself can be better protected against spam by requiring the user to be logged in before they can submit content. There are numerous ways of doing so, including something like this:

    <?php if ( is_user_logged_in() ) {
    	// display form
    } else {
    	// don't display form
    } ?>
  3. vilvintage
    Member
    Posted 3 months ago #

    Hi Jeff

    Thanks for your reply. My concern is more that they are managing to PUBLISH the posts they are submitting somehow when my settings are set to prevent this. I already require my users to register to be able to submit, so know really know what to stop this other than stopping using the plugin (which I'd hate to do because it's working beautifully otherwise). Have you come across anything like this before?
    You can see my site here: http://vintagegazer.com

  4. Jeff Starr
    Member
    Plugin Author

    Posted 3 months ago #

    Are you sure it's not a logged in user(s) who is spamming you? Or it could be an issue/conflict related to another plugin, script, or even the theme itself. Either way, I've added this to the list and will take a look next update. Thanks for the feedback.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags