SECURITY - wp-activate.php and wp-signup.php (4 posts)

  1. bdoreste
    Posted 6 years ago #

    I am running WP3.0 RC3 with the trunk version of Donncha's domain mapping plugin and 4 separate blogs.

    I want to lock down my install from spamming attempts. Is it safe to restrict access to wp-activate.php and wp-signup.php if I have no intention of opening my install up to blog signups? The only way I would ever create a new blog is from the Super Admin menu.

    I already have wp-config.php restricted in my .htaccess file with the following code; can I safely do the same with wp-activate.php and wp-signup.php?

    <files wp-config.php>
    Order deny,allow
    deny from all
  2. Go to Super Admin -> Options.

    Turn off signups. Problem solved.

  3. bdoreste
    Posted 6 years ago #

    yep, I have signups turned off in Super Admin, and the install returns the 'registration is disabled' message, but I came across the following thread on wpmudev.org


  4. Then make sure you have "Let admins add new users" turned off as well.

    In the thread you referenced, they're partly talking about their own plugin that a spammer seems to have bypassed, and the OP had registrations turned ON.

Topic Closed

This topic has been closed to new replies.

About this Topic