How to discover the way a user registers without going through the form?

  • Resolved miguel

    (@miguelappstudio)


    1 year, 4 months ago

    Hello.
    they sent me here again

    I have your plugin installed

    I want to know if your Defender plugin is what I need to solve the following problem:

    I’m having problems. there is a hacker that registers users without going through the user registration in WordPress.

    Users, with very rare emails, appear in the user list.

    I have an alert system for when a user registers on the web.
    When you register, you are sent an email to set the password, and also I, as the site administrator, receive an email that a new user has registered.

    This may be a backdoor that the Hacker has on my website.
    I still haven’t been able to figure out how to register these users, I haven’t been able to fix it with your free plugin, I may not be using your plugin correctly.
    I want to see all the functions it has to finally choose to buy your plugin or another

    I don’t know if you can advise me and tell me what I can do to correct this problem on my website.
    I can delete the entire site, but it would take me days to recreate it.

    You can help?

    Thanks for your attention

Viewing 16 replies (of 16 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @miguelappstudio

    I understand that you tried suggested Defender settings and they didn’t help, right?

    If so, then there is a chance that the way those registrations go through are actually due to exploiting some WooCommerce (or other plugin’s or even theme’s) vulnerability – even if they only seem to go through WooCommerce registration. With Defender we do everything in our powers to keep the vulnerability database in the plugin up to date but there’s really no way to – for any security plugin/tool – to always provide a 100% “bulletproof” safety, I’m afraid.

    The key point in such cases, when most of precautions fail, isn’t really to try to to “guess” what would secure it but to precisely identify the problem – because only then we can also precisely target it.

    In general though, you need to make sure

    – that everything is up to date,
    – that no unnecessary (e.g. unused or rarely used) plugins are there active and even installed; same applies to themes
    – check all the custom code on site – if there is any – as this is extremely often the “weak point”
    – keep captcha active on registration
    – review site’s analytics and server’s access logs to try to identify bots that may be hitting the site too much (or maybe even accessing Woo registration page) and then try to block them
    – it’s also good to put the site behind CloudFlare and enable its “under attack” mode as this can quite efficiently mitigate various bots attacks; usually after some time of being blocked such bots simply quit on accessing the site; at least for some time.

    Kind regards,
    Adam

Viewing 16 replies (of 16 total)
  • The topic ‘How to discover the way a user registers without going through the form?’ is closed to new replies.