WordPress.org

Ready to get started?Download WordPress

Forums

SECURITY - wp-activate.php and wp-signup.php (4 posts)

  1. bdoreste
    Member
    Posted 4 years ago #

    I am running WP3.0 RC3 with the trunk version of Donncha's domain mapping plugin and 4 separate blogs.

    I want to lock down my install from spamming attempts. Is it safe to restrict access to wp-activate.php and wp-signup.php if I have no intention of opening my install up to blog signups? The only way I would ever create a new blog is from the Super Admin menu.

    I already have wp-config.php restricted in my .htaccess file with the following code; can I safely do the same with wp-activate.php and wp-signup.php?

    <files wp-config.php>
    Order deny,allow
    deny from all
    </files>
  2. Go to Super Admin -> Options.

    Turn off signups. Problem solved.

  3. bdoreste
    Member
    Posted 4 years ago #

    yep, I have signups turned off in Super Admin, and the install returns the 'registration is disabled' message, but I came across the following thread on wpmudev.org

    http://premium.wpmudev.org/forums/topic/spammer-bypassed-signup-code

  4. Then make sure you have "Let admins add new users" turned off as well.

    In the thread you referenced, they're partly talking about their own plugin that a spammer seems to have bypassed, and the OP had registrations turned ON.

Topic Closed

This topic has been closed to new replies.

About this Topic