• Resolved heimoviktor


    Dear All,

    my website forced me to to approve a new registration (manual approvement), but today somebody was able to registrate a new user without manual approvement and he was able to change the password.

    How can that be?

    Thanks in advance.

    Kind regards


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support vupdraft


    There are some mechanisms in WordPress for User registration that bypass the normal contact form. One would be the REST API, and another one is XML-RPC.

    You can disable the Rest API under Miscellaneous
    You can bock XML-RPC under Firewall>>Basic Firewall Rules.

    Thread Starter heimoviktor



    thank you very much for your quick answer. XML-RPC was blocked, but REST API was activated. I deactivated REST API now.

    Kind regards.


Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘registration’ is closed to new replies.