Support » Everything else WordPress » Anybody else see wp-register.php abuse?

  • Resolved hetta


    I’ve disabled wp-register.php for now, as I’ve been getting fly-by-night registerings — as in, they POST straight to wp-register without bothering to visit the site first.

    I see two possibilities: 1) a security hole, and 2) blog comment spammers, trying to circumvent the “only registered users can post comments” thing.

    If it’s any help, they all come with the same user-agent: “Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)”.

    Any ideas?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Do they come from the same IP? If so you can just block it with .htaccess.

    One IP per fly-by POST to wp-register.

    yes and I manage to circumvent a good deal of it by doing this:

    RewriteCond %{HTTP_REFERER} !^http://([^.]+.)?*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register.php$"
    RewriteRule .* - [F]

    it doesnt take care of them all; I see maybe one registration every 2 weeks. Easily something I can manage.

    But then I also use mod_security, so if I see patterns i can take care of those 2 with that.

    Theres absolutely NO reason why anyone needs to hit that page without having the referer be your domain. And i couldnt give a crap less about ppl that refuse to send referers when they surf, far as Im concerned thats all the more reason to keep folks off my site, completely.

    Thanks, whooami.

    youre very welcome .. 🙂

    RewriteCond %{HTTP_REFERER} !^http://([^.]+.)?*$ [NC]
    RewriteCond %{REQUEST_URI} “.*wp-register.php$”
    RewriteRule .* – [F]

    Sorry for the newbie question, but where do I add that? I need it, too.

    in your .htaccess file

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Anybody else see wp-register.php abuse?’ is closed to new replies.