Security issues with giving free WP accounts to general public

It is conceivable if they can edit templates they can run any PHP code they want.

Thanks for your reply, Matt.

Are the templates they only place they can insert their own PHP code? I could probably easily disable template modification, but then that would greatly limit the customizability of WP. Another option is to add a hook to the template modification to check for certain PHP functions, but that would require more work, and it may still create conflicts with legit users.

Hmmm…. what to do? I really want to provide a free WP hosting service to people who can’t afford a host, but I don’t want make my servers vulnerable to total strangers (versus paying customers who can be easily identified). Anyone have any ideas, or know of some other place/people that might have solutions? ??

WordPress.com is doing exactly this.

Users get author permissions only. You can create categories and links, but you cannot install plugins or alter themes.

Ah, wonderful. Thanks for the link ??
Hmm… it looks like it’s by invite only. That’s an interesting way to do it. Looks like google has started (or rather, popularized) quite a trend. ??

Well, that’s great. If there’s already a free WP host out there, I don’t need to worry about that aspect anymore. ?? I’m thinking of giving users a choice of 3 or so popular open source blogging tools so that they’re not limited to only 1 option (even if WP is the best out there ;)). So, I probably will still include free WP hosting as one of my options.

Hmm… as a user with author permissions only, you have no control over the look and feel of your WP site, right? I’d think people would find that rather limiting…

Authors at WordPress.com can select from one of the installed themes. Crurrently, seven themes are available from which to select.

No, it’s not ideal for someone looking to really tweak their site. But for someone more interested in blogging than fiddling with their blog, it’s a viable solution.