wp-login.php?action=register

  • shepsta

    (@shepsta)


    9 years, 1 month ago

    Had something interesting on one of my sites and was trying to see if any damage was done or what they were doing. For about 24h I had a bunch of tor traffic that was going to wp-login.php?action=register and creating subscriber accounts. Must have created over 100.
    I’m not sure why “anyone can register” was enabled, think it was for the bbpress. bbpress was disabled, something we were going to implement but haven’t got around to it yet.
    Deleted all the subscriber accounts, turned off the anyone can register. Theme, wordpress and plugins are all up to date. Site also has wordfence.
    What would be the purpose of creating all those accounts? Like what can they do with a subscriber account?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator James Huff

    (@macmanx)

    9 years, 1 month ago

    In most cases, it’s just spam bots preemptively getting around WordPress’s “must be logged in and registered to comment” anti-spam option, which is also why that’s not a very effective anti-spam option. 😉

    I wouldn’t be too worried about it. Unless further extended by a plugin, Subscribers can’t do anything but edit their own profiles and leave comments. If you don’t need registration, switching that off is definitely the right thing to do.

    ProfileLearning

    (@profilelearning)

    9 years, 1 month ago

    We had the exact same thing with a number of subscriber accounts being created. We also had “anyone can register” enabled, but by design. We are an association web-site. Anyone can access the public parts of the site and post comments but we have the Ultimate Member plug-in installed so some pages are restricted to members only and you have to be logged in to access these pages. We had hoped to be able to allow members of the association to fill out a ‘Register’ form and then have accounts created as ‘pending’ before being approved as subscribers which then gave them rights to access the members’ pages.
    With ‘anyone can register’ set, the hacker bots can completely bypass the Ultimate Member plug-in and create accounts.
    We installed Wordfence and blacklisted about 100 IP addresses as the attacks came in. We also disabled ‘anyone can register’ and it is still disabled. Obviously, the attacks have stopped but we would like to find a way of allowing our members to register which currently would mean switching ‘anyone can register’ back on.
    Any suggestions?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘wp-login.php?action=register’ is closed to new replies.

Tags