Sea Intake

Here are my workarounds:

1. wp-admin redirect not working – I have a ‘login’ link on my site that instead of going to /wp-admin it now points to /login i.e. the UM login page
>> but this does NOT prevent someone accessing /wp-admin which is what all of us are looking for… CAN YOU FIX THAT OR BRING IT BACK?

2. default membership group causing issues (like not able to edit your own profile) –
a. in WP Settings / General I make the “New User Default Role” = Member
b. in UM Settings / Appearance / Registration Form I make the “Registration Default Role” also = Member
>> You can see what Member Role can do under UM User Roles menu on the plugin.

3. I have bbPress and bbPrivate Groups installed, and these plugins have issues with the Change Role / Change Forum Role bulk actions on the WP AL Users page. I don’t know how to fix that. Basically if you set a Site Role and bulk update it wipes out the bbPrivate Group role, and also loses the old UM Role. Experimenting here (on one user, and also with single edit) helped me find the workaround in (1)
>> THIS NEEDS TO BE FIXED, THE PLUGIN SHOULD NOT DO BAD THINGS TO OTHER PLUGINS/SETTINGS

4. I followed the link on other threads to ‘fix’ the non-HTML emails. This should have been automatically done in the upgrade!!! What happened guys?

Fixed this issue for me. Thanks.

capturethemusic dot com

Thanks!

I updated on one of my less visited sites and reactivated.
Then tried to submit a new subscriber but get ‘invalid email address’ on the widget.
No entry in the database, no confirmation email to the subscriber (double opt-in is on).
The email address is valid, I tried several all “@.com”, even gmail.

I’m going to wait and see how everyone else is doing before updating the main site using it…

An update on the WordFence work-around I posted: still no new .ru signups since applying the filter 36 hours ago.

Looking forward to the proper fix in a few days. Thanks!

I also have this problem and installed the plugin ‘WordFence’ as I thought it might fix it for me. While not directly stopping it (I tried blocking IP’s and IP ranges, but no IP repeats the sign-up), I discovered a few commonalities about the bots.

1) They all call on a certain ‘page’ or ‘function’ (I’m no programmer so don’t know, and I won’t list it here). This call is somehow inserting the spam email address and name. This is why removing the plug-in from the webpages still results in spam as this element is still ‘live’, only when the plugin is disabled does spam stop.

2) So far, the bots inserting email/names all have the same ‘browser user agent’. None of the humans visiting my site have the same user agent value as the bots.

3) There is different bot attempt to inject the email/name direct into the fields, but this is not resulting in new registered spam addresses. I guess this type of attack is fixed?

To try and stop it, I used the WordFence Firewall Blocking page with a certain string match for ‘User Agent’ to filter out these bots. It has been running for 12 hours and I have no new .ru email subscribers.

Strangely, WordFence does not report any blocked bots so far, which means either I have not been targeted since, or WordFence is working but not reporting the blocks.

Thanks so much for the quick reply and for the workaround!
It has fixed the issue.

Note for others: the test site URLs mentioned above are now removed.