• Bliss7

    (@bliss7)


    I need help on this issue.

    I had someone, maybe a troll or hacker wannabe who registered on my site without my permission. And the Settings in General was not allowing anyone to register. My site is a content site and the “Anyone can Register” was not ticked at all.

    How come this stranger can register on my WordPress site? And he registered as Administrator!

    PS: This was a site with WordFence plugin switched on. So much for its security capability.

Viewing 6 replies - 1 through 6 (of 6 total)
  • wisconsinwebsites

    (@wisconsinwebsites)

    Sorry this is happening. Two things come to mind right away and keep in mind I do not know your level of WordPress expertise.

    1. Delete the user.
    2. Does WordFence have a user that has admin?
    3. Check if you have any other mysterious users.

    Good luck!

    Obdormio

    (@obdormio)

    This just happened to me as well. A new user was registered, as an administrator. I have never had “anyone can register” checked. I don’t have the WordFence plugin.
    I deleted the user right away, and it doesn’t seem like it was used to do anything, but it is very worrying.

    Thread Starter Bliss7

    (@bliss7)

    Indeed it is very serious. I have had this happen to TWO sites of mine now, and both had Wordfence on them, and there was nothing from Wordfence.

    Both times the hacker registered as Administrator. Both sites do not allow any Tom, Dick, or Harry to register…. Both sites are very updated on all themes and plugins….

    And this is the first time I have seen something like this!

    And luckily WordPress has a core function to let the present Administrator know about any new registrations.

    Otherwise, who knows what a major disaster it is going to be!

    This looks SERIOUS enough to warrant the highest authorities in both WordPress and Wordfence to be aware of….

    Has a major HOLE been discovered in WordPress by hackers?

    I highly doubt there’s a vulnerability in WordPress being exploited here. It’s more likely that a plugin or your theme is either enabling this deliberately, or is itself vulnerable. Is WordPress completely up to date? Could you share a link to the affected site?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter Bliss7

    (@bliss7)

    For what it’s worth, I checked the notifications of Wordfence and found that the plugin WP GDPR Compliance was removed from WP repository on November 6. Marked Critical. But I did not get any notice from Wordfence about it. I had to manually check and only just spotted it. And only the Wordfence in one site reported this, others no….

    Quite weird.

    So I *think* this plugin is the culprit. Both my sites had this plugin on.

    And indeed, today I was complaining that this stupid plugin was having too many updates.

    Conclusion? A sign that a plugin is dangerous is when it is being updated too regularly for no good reason?

    And there are some plugins like that. Their authors have TOO MANY updates like almost every week, or every day. It is time to say NO, to such plugins (my personal opinion).

    The jury is out. You decide.

    PS: I see the plugin is still on WordPress so I have no idea what is the story or why Wordfence reported it as a Critical Issue (in only one site that was affected). But I have now removed the plugin from all my sites.

  • The topic ‘How come a stranger can register on my site’ is closed to new replies.