WordPress.org

Ready to get started?Download WordPress

Forums

User signed up on 2 blogs, but I do not give permission / link for this (2 posts)

  1. Jon W
    Member
    Posted 4 years ago #

    Using 2.8.4 and today a user signed up on 2 of my blogs, and I do not show the meta/login widget, so how did they do it? Is WP account registration is simple URL that anyone can type in? By default new users are subscribers, but a bit worrying that people can sign up. Some suggested it could be a bot, and I did find an instance of another chap who mentioned that the same person (account and email) had "hacked" his blog (sign up).

    Is this a 2.8.4 vulnerability, or just an easy trick for a bot to do, and not a major problem so long as default new users subscribers?

  2. esmi
    Forum Moderator
    Posted 4 years ago #

    how did they do it?

    By going straight to the registration url.

    Is WP account registration is simple URL that anyone can type in?

    Yes

    If you don't want new subscribers registering without approval, uncheck "Anyone can register" in Admin/Setting/General.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.