Log in

No account? Create an account

niciasus in lj2wordpress

Concerns About WP Security

Hi All,

A few users have registered at my self-hosted WP Blog. Here's the situation. None of these users have made any comments and what few comments made on the blog are from LJ communities of posters I am familiar with their screen names.

I am thinking about closing down registration since I don't publish private entries. I had specifically noted that registration is not required to comment.

So why would anyone register? Is this a means of hacking into my blog. What security measures should I take to protect my blog.


Personally, I've never allowed just anyone to register for my fandom blog. I'm not a BNF, so why should I allow uncounted anonymice to register at my blog? I handle that on a personal invitation basis: I offer my friends the option to get a user account at my blog so they can read and comment on my flocked posts at the WordPress blog as well.

The rest of the world? They can still read and comment on public posts. That's good enough, I think. ;-)

I don't think you have to worry about WordPress security. They might be completely innocent ppl interest in what you write. Or clueless, annoying, but harmless spammers.

The easiest way out is to close down registration and to delete all users from your database that you do not know.

Good luck!

Edited at 2009-02-25 12:12 am (UTC)
Thanks! Will close down registration. This does ease my mind regarding the security issue.
The community here is of general consensus. Thanks!
It isn't a security breach as such. It's spam. Copy the email that was used to register and search it in Google; if the first two or three hits are from the spam prevention forum it's a pretty good bet that that registration is made by a spambot.

The original idea seems to have been that comments by registered users are less likely to be caught in a spam filter; I'm not sure if that's still the case, or whether such bot registrations are now a form of spam in their own right, but there you go.

If it isn't a loss of functionality for you, the easiest way to deal with it is just to turn off open registration.
They are definitely spam per Google. I have heard others had their WP blog hacked, so I was concern. Closing off registration now. Thanks!
The Sabre plugin works for me. It helps prevent bots and other fake users from registering.

March 2010



Powered by LiveJournal.com