registration enabled with “Anyone can register” disabled

  • Resolved reguera

    (@reguera)


    6 years, 1 month ago

    Hello,

    I was hacked with the vulnerability discovered in November. New admininstrator Account “wp.service.controller.XXXXX” was created but I already managed to clear the installation, update WP, plugins and do a full scan with WordFence. So far so good.

    The problem, page ../register is still accessible and fully working. Accounts can be registered.

    I already tried to disable the plugin, turn on/off “Anyone can register”, re-enable plugin, and same behaviour. I can remove “Register” page, disable all links (secondary buttons) from login form and the issue will be “fixed”, however vulnerability is still there.

    Wordpress 5.0.3 + Ultimate Member updated today.

    What is the problem please? Am I missing anything?

Viewing 1 replies (of 1 total)
  • Plugin Support Ultimate Member Support

    (@ultimatemembersupport)

    Hi @reguera,

    Can you please clarify what vulnerability are you referring to?

    Disabling “Anyone can register” only disables WordPress built-in registration via your wp-admin page. If you want to disable Ultimate member registration you should remove/unpublish Ultimate member registration page.

    Regards.

Viewing 1 replies (of 1 total)
  • The topic ‘registration enabled with “Anyone can register” disabled’ is closed to new replies.