[Plugin: Members Only] Is there any way to bypass? (1 post)

  1. ndna
    Posted 8 years ago #

    Hi, I'm using WP 2.6 and Members Only 0.6.5 (both are latest)
    I'm also using WassUp plugins to track visitors and also the logins.

    However, I notice something strange: there are IPs which are not logged in (Username not shown), but still visiting pages. Look at this: 2008-07-31 20:13:40
    Referrer: Direct hit
    Hostname: adsl-dynamic-pool-xxx.fpt.vn

    * User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008070208 Firefox/3.0.1

    * vn OS: WinXP
    * BROWSER: Firefox 3.0

    * 20:11:06 ->/wp/D06TransTeam/wp-login.php?redirect_to=/wp/D06TransTeam/
    * 20:11:18 ->/wp/D06TransTeam/wp-login.php
    * 20:11:28 ->/wp/D06TransTeam/wp-login.php
    * 20:12:59 ->/wp/D06TransTeam/?p=156
    * 20:13:40 ->/wp/D06TransTeam/?p=158

    p=XXX is my blog entries.
    He/She is even visiting the latest entry, which I wrote AFTER fixing security measures mentioned in the WP Security Scan Plugin. The post ID 158 is entered, so he/she must know before hand that that post exists.
    I don't know why this happens. The IP is of another ISP in MY COUNTRY, so it's not some function from my plugin or anything else.
    This is too dangerous.

Topic Closed

This topic has been closed to new replies.

About this Topic