Security conflict?

  • First off: what a shame that this site itself doesn’t do SQRL logins!

    This is almost certainly either a misconfiguration on my part, or a lack of understanding, or a conflict with one of my plugins. I successfully installed the plugin (props for making it a no-brainer), and immediately logged in using my SQRL identity. I declined to then “register”, and continued as garbled-random-user-name. So far, so good!

    Unfortunately, I’m now allowed to post comments on posts with this anonymous user account, something that I don’t ordinarily allow – the level of spam floating around these days is so ridiculous that within minutes (I kid you not) of firing up my shiny brand new blog, I was getting hit. Hence I require that only logged-in users can comment, and admin approval before they can log in for the first time. While I doubt that the average hackbot will be aware of this chink, I doubt it’s expected behaviour.

    For context, I’m on WP 5.4.2, SQRL Login 2.1.0, and use Theme My Login v7.1 and WP Approve User v7.

    Any steer you could give me on how to stitch this hole closed would me much appreciated!

    Ken.

Viewing 1 replies (of 1 total)

  • Hi Ken,

    It is no shame if any site does not use SQRL logins. And this is expected behavior. If you allow the logged-in users to post comments on posts, anonymous user accounts are also allowed. They are also logged-in users but anonymously. What capabilities do you want to provide to anonymous users, if you’re not expecting to treat them as logged-in users?

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘Security conflict?’ is closed to new replies.