WordPress.org

Ready to get started?Download WordPress

Forums

Possible security vulnerability (4 posts)

  1. dwees
    Member
    Posted 5 years ago #

    I have disabled posting of comments by anonymous users. However I have noticed that 2-3 comments from people who are clearly not logged in have slipped into my moderation queue.

    No idea how this exploit works, so I don't feel too concerned about publishing it here, but it is clear that there is a way to post comments anonymously. If anyone could look into this, that would be helpful.

    Dave

  2. moshu
    Member
    Posted 5 years ago #

    I have disabled posting of comments by anonymous users.

    And exactly how did you do that?

  3. dwees
    Member
    Posted 5 years ago #

    Under the General options there is a box beside Membership that says "Users must be registered and logged in to comment" and I checked that.

    I handle all user registrations for my site myself, and have checked this box, and when I navigate to the page in question, it has the "You must be logged in to comment" link.

    However I have now 3 times found comments from people who were clearly not members of my blog in my moderate queue and have deleted them.

    I just want to sort this out before I end up with thousands of comments there (Akismet is not an option because of the bizareness of my server set-up, over which I have no control. Think PHP with no remote file functions.).

    Dave

  4. dwees
    Member
    Posted 5 years ago #

    As an aside, I have 3 plugins enabled:

    1 admin
    Admin Management Xtended by Oliver Schlöbe.

    2 filters
    Kimili Flash Embed by Michael Bester
    Mathfilter by David Wees

Topic Closed

This topic has been closed to new replies.

About this Topic