Getting attacked with new users on my wordpress website. How?

7 replies
I have just recently been attacked with new user registrations on my wordpress website. Whatever it, them, or program it is are trying to add new posts to my wordpress site. I have a forum plugin, but it is inactive. I have woocommerce installed as well, and blog posts obviously but they are not posting comments so they can´t be adding users there? How do I stop this? They are coming on as contributors which allows them to write a draft for a post but not approve it. However somehow a few got through and became published. As you can imagine this is very annoying. What can I do to stop this from happening, and how is it happening? Any help is greatly appreciated.
#attacked #users #website #wordpress
  • Profile picture of the author Yvon Boulianne
    That's difficult to say without auditing your website, can be sql (database) injection or another flaw in one of your program.

    They use penetration tools that check version of your software (sql, apache etc..) to find a hole and they exploit it.

    You can stop them by updating the security of your site + updating the software behind your blog, that is not easy and you usually need to hire someone that know a lot about computer security like me (37 years at more or less 10 hours a day lol) .

    You can msg me if you need help

    Good luck
    Yvon
    Signature
    Stop Struggling With Your Website and Marketing
    30$ / task, pay after done!
    {{ DiscussionBoard.errors[9390428].message }}
    • Changed the admin password and these little hacks are still getting in somehow. Are there any security plugins that can be installed, or a test I can run to see where they are getting in? I mean they can´t be obtaining contributor site roles through normal wordpress comment signups, or forum signups correct? Would you say I have been actually hacked vs. missing a blog role setting somewhere?
      {{ DiscussionBoard.errors[9391507].message }}
  • Profile picture of the author bjadams
    Wordpress is complicated and has 1000s of options

    you have to go through all options and set all security measures
    {{ DiscussionBoard.errors[9390482].message }}
  • Profile picture of the author goldengater
    I have a website that is on some hacker's list to try to get into about 2 X a week. I get a series of emails messages telling me of attempted fraud on many backend pages - php, etc. At some time, I will pay the nice man who offered to help so I can get it cleaned up. It has not effected my Google status (Yet) - now that is something you do not want to deal with. Good luck. Keep working at it. Kind Regards, Jan
    {{ DiscussionBoard.errors[9390505].message }}
  • Thanks for the feedback. I have heard Wordpress can have some holes to get through. The strange part is they are creating contributor site roles, so it does not appear to be through the forum. As far as I know, I thought the administrator is the only one that can assign site roles. I am going to change my passwords, starting to think they copied my keystroke or something. I will let you know if this stops it. Currently they are dumping about 40 new accounts a day. Sad part is, it is probably a 12 year old in middle america somewhere. What ever happened to playing baseball... damn.
    {{ DiscussionBoard.errors[9391402].message }}
  • It appears that I have solved the problem. While scouring the internet I ran across a post that explained It as user registration spam, and is easily prevented by doing the following in the wordpress dashboard.

    Turn off user registrations: Settings >> General – Membership – un-check “Anyone can register” – Save Changes

    Seems simple, well that´s because it is. I figured it was a setting that I had missed.

    As far as I can tell that has solved the problem. Hope this helps someone with this extremely annoying issue.
    {{ DiscussionBoard.errors[9391862].message }}
  • Profile picture of the author Anne Laidlaw
    Glad there was an easy fix for you. Dam hackers
    Signature
    Giant Plugin Biz High Quality WP Plugin Package
    WP Plugins Are Hott!! Claim Your Piece Of The Pie Today!
    Free Squeeze Page Creator - FREE Instant Access To Alou's Killer Squeeze Page Creator.
    Alou.com - Wordpress SEO - Latest free WordPress SEO, Plugins, Themes and more!
    {{ DiscussionBoard.errors[9392499].message }}

Trending Topics