That is odd indeed. Are you saying your blog is entirely open to any random person making an account? If so, you might want to shut it down a bit. In any case, until you figure it out, or in addition, add user name “admin” to “Immediately block the IP of users who try to sign in as these usernames” on the “All Options” page. While doing so, add a few other common user names that might be brute forced, such as “administrator, manager, login” and so on. I also put in all names of our bloggers with WordPress author pages, who would never login themselves, as the criminals tend to harvest those names and try them as logins. MTN
Thread Starter
glinch
(@glinch)
Its a woocommerce store, so anyone can buy off it and get the role of a customer.
Yeah, I added a user as “Admin”, will prob need to add some of the common names as you have suggested.
Thanks for the feedback @mountainguy2 cheers 👍
Hi @glinch
Just wanted to let you know that we had this issue logged in our issues tracker system (internal reference number: #FB6309), so in one of the upcoming releases users created via WooCommerce won’t be able to register accounts with username “admin” if you have “Prevent users registering ‘admin’ username if it doesn’t exist” option enabled. However, I don’t have an ETA for that update yet.
Thanks.
Thread Starter
glinch
(@glinch)
@wfalaa cheers for letting me know. Thanks
