#1
  1. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    697
    Rep Power
    95

    WordPress security concern


    I checked the list of users in my WordPress database and saw three user IDs that were not created by me. I am the only one that has access to the admin area of WordPress. The user IDs were: nakedcelebsr, dvd-player, and how-to-lose-five-pounds-in-a-week.

    I do not allow commenting in the posts and the Membership option under Settings > General in the Dashboard is deselected.

    I just don't understand how these IDs were created.

    Any suggestions?
    Evan
  2. #2
  3. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,124
    Rep Power
    4304
    This is not an HTML question, so I'll move this to the PHP forum for you.
    Spreading knowledge, one newbie at a time.


    Remember people spend most of their time on other people's sites (so don't violate web design conventions).
  4. #3
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Is your WordPress installation out of date?
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  6. #4
  7. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    697
    Rep Power
    95
    The version is now at 3.4.1 but the previous version was at 3.4.0 or very close to that.

    Looking at the creation date of the last user, 2011-01-23 05:37:41, I am wondering if the IDs were created when I had commenting on. I will install WordPress on my computer and play with these settings.
    Evan
  8. #5
  9. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,103
    Rep Power
    1990
    There's a 99.99999% chance that these accounts were created automatically by some spamming script. It happens all the time. You don't need any links or ideas on your site about registration because these scripts already know how to get to the standard WordPress registration form.

    What I'd suggest is that you look for a plugin that can limit or block user registration. There's a fair few of those around and that will be the most useful thing for you.
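
    As an added example (not part of the thread or any poster's code): a small Python check that counts POST requests to the standard WordPress registration endpoints per client in a web access log, to confirm whether accounts are arriving through the registration form as described above. The log lines are constructed, the combined log format is an assumption, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (combined format assumed); not data from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2012:05:37:40 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:05:37:41 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2012:06:10:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1804 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:06:12:09 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 2398 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Mar/2012:07:01:55 +0000] "POST /wp-signup.php HTTP/1.1" 200 4120 "-" "curl/7.21"
"""

# Client IP, request method and request target from one combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_registration_post(method, target):
    """True for a form submission to a WordPress registration endpoint."""
    if method != "POST":
        return False  # viewing the form (GET) does not create an account
    parts = urlsplit(target)
    if parts.path.endswith("/wp-signup.php"):
        return True  # multisite sign-up page
    # Single-site registration: wp-login.php with action=register in the query.
    actions = parse_qs(parts.query).get("action", [])
    return parts.path.endswith("/wp-login.php") and "register" in actions


def registration_attempts(log_text):
    """Count registration form submissions per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_registration_post(m["method"], m["target"]):
            hits[m["ip"]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in registration_attempts(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} registration POST(s)")
```

    The status code alone does not show whether an account was created, so compare the timestamps of these requests with the registration dates of the unexpected users in the database.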
