June 30th, 2012, 10:31 AM
Wordpress security concern
I checked the list of uses in my wordpress database and saw three user IDs that were not created by me. I am the only one that has access to the admin area of wordpress. The user IDs were: nakedcelebsr, dvd-player, and how-to-lose-five-pounds-in-a-week.
I do not allow commenting in the posts and the Membership option under Settings > General in the Dashboard is deselected.
I just don't understand how these IDs were created.
June 30th, 2012, 11:40 AM
This is not an HTML question, so I'll move this to the PHP forum for you.
June 30th, 2012, 04:21 PM
Is your WordPress installation out of date?
The version is now at 3.4.1 but the previous version was at 3.4.0 or very close to that.
Looking at the creation date of the last user, 2011-01-23 05:37:41, I am wondering if the IDs were created when I had commenting on. I will install wordpress on my computer and play with these settings.
There's a 99.99999% chance that these accounts were created automatically by some SPAMING script. It happens all the time. You don't need any links or ideas on your site about registration because these scripts already know how to get to the standard Wordpress registration form.
What I'd suggest is that you look for a plugin that can limit or block user registration. There's a fair few of those around and that will be the most useful thing for you.