• Resolved SaladGoat

    (@saladgoat)


    I’ve just received an email that someone has signed up for my site.

    But I have that option turned off in General Settings and there is no page on my site where someone could sign up.

    This means someone’s hacking the WordPress structure to sign up, right?

    I thought there was something iThemes that could prevent this, but I’ve just had a look through the settings and cannot find it.

    Am I mistaken? Or am I simply missing the option to prevent these signups?

    Thanks!

    UPDATE: I just checked the Users list on my site and that user is not there. Only the proper, authorized users are listed. Yet I received this email from WordPress, with the usual info. Now I’m really confused!

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 5 replies - 1 through 5 (of 5 total)
  • It might be a backdoor; these are very simple once they got access to your server before iThemes was used.

    Check the user table in your database to be sure.

    Thread Starter SaladGoat

    (@saladgoat)

    User table in the database shows only authorized users. Just received another email saying new user registered. New user is not listed and still not able to register. I have several WordPress websites but this is happening on only one of them. Odd….

    @saladgoat

    Could you post the exact content of the email?
    Or forward the email to [ redacted, support is not offered via email, Skype, IM etc. only in the forums ].

    Did you just update to the new WordPress 4.5 release?
    If so, could it be updating WordPress triggers the register email?
    (Just guessing …) Did you also update WordPress 9 months ago?

    The only iTSec plugin option (as far as I know) that is related to registration is in the Hide Login Area section.
    If the Membership checkbox (Anyone can register) is enabled in the WordPress General Settings page, the Hide Login Area feature allows you to specify a secret register slug.

    One other thing. What happens when you access the standard register url:

    https://www.domain.com/wp-login.php?action=register

    Note if you have specified a secret login slug in the Hide Backend feature, replace wp-login.php with the secret login slug.
    Since the Membership checkbox (Anyone can register) is disabled you should be redirected to:

    https://www.domain.com/wp-login.php?registration=disabled

    dwinden

    @saladgoat

    Ok, so upgrading has nothing to do with this.

    The following URL takes me straight to the admin login form:

    https://johncodyonline.com/wp-login.php

    And the following URL takes me straight to the registration form:

    https://johncodyonline.com/wp-login.php?action=register

    Looks like I can register anyone I want … (didn’t actually try though).
    Not sure what to think of this …

    The Register/Login/Lost your password? links on the bottom of the login/register forms show a URL like this:

    https://johncodyonline.com/home/articles/wp-login.php?action=… etc

    Where is the home/articles path coming from?
    When clicked, all these links result in a not_found page …

    Going to the standard register URL gives me a Page Not Found error.
    Going to the same URL with the secret slug, I do get the registration=disabled page.

    What exact URLs did you use?

    dwinden

    Thread Starter SaladGoat

    (@saladgoat)

    Ha! I do believe you have figured it out!
    Apparently I have TWO installations of WordPress on the same domain – one I am using and one I completely forgot about and don’t use at all.
    Duh.

    Yup, just checked the User table and there’s almost a hundred unauthorized users on there!

    Now I just have to figure out how to login and delete that installation. lol

    Thank you so much for taking the time to poke around. I really appreciate it!

  • The topic ‘unauthorized user registration’ is closed to new replies.
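
An added example, not part of the thread or of the iThemes plugin: the cause here turned out to be a forgotten second WordPress installation on the same domain, so this Python script lists every WordPress install under a web root by looking for wp-login.php beside a wp-includes directory. The sample tree, its old-site and backup directory names, and the 4.4.2 version string are constructed for the demonstration.

```python
import os
import re
import tempfile

# wp-includes/version.php in WordPress core sets $wp_version = '...';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")

def find_wordpress_installs(docroot):
    """Return sorted (path relative to docroot, version or None) for each install."""
    installs = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        # An install root holds wp-login.php next to a wp-includes directory.
        if "wp-login.php" not in filenames or "wp-includes" not in dirnames:
            continue
        version = None
        try:
            with open(os.path.join(dirpath, "wp-includes", "version.php"),
                      encoding="utf-8", errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
                version = match.group(1) if match else None
        except OSError:
            pass  # core files missing or unreadable: still report the directory
        installs.append((os.path.relpath(dirpath, docroot), version))
        # Skip core directories, but keep walking siblings for nested installs.
        dirnames[:] = [d for d in dirnames if d not in ("wp-includes", "wp-admin")]
    return sorted(installs)

def build_sample_tree(root):
    """Constructed sample: a live site at the root, a forgotten copy in old-site/."""
    for rel, version in ((".", "4.5"), ("old-site", "4.4.2")):
        base = os.path.join(root, rel)
        os.makedirs(os.path.join(base, "wp-includes"), exist_ok=True)
        open(os.path.join(base, "wp-login.php"), "w").close()
        with open(os.path.join(base, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)
    # Decoy: a stray wp-login.php without core files is not an install.
    os.makedirs(os.path.join(root, "backup"), exist_ok=True)
    open(os.path.join(root, "backup", "wp-login.php"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in find_wordpress_installs(tmp):
            print(path, version)
```

Point `find_wordpress_installs` at the real document root, then review the Membership setting (the `users_can_register` option) and the user table of every install it reports, not only the one in active use.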