That would probably break a lot of stuff. Why do you feel it’s necessary?
Thread Starter
jimoe
(@jimoe)
We keep having someone(s) breaking into our site. We have followed the hardening suggestions, scanned for malware. Still hacked.
They always break in as administrators. If I could prevent new users, problem solved?
If users are creating themselves as Administrators, then either one of two things is happening:
1. At Settings > General in your site’s Dashboard, you may have “New User Default Role” set to Administrator.
2. If not, then you did not properly clean up the hack vector used previously. Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.
>> If I could prevent new users, problem solved? <<
No, you’re just masking a symptom.
This would prevent anyone from changing or adding to the table.
Also, if you really want to just do that, uncheck “Anyone can register” at Settings > General in your site’s Dashboard.
Again though, referring to my earlier reply, if Administrators are being created without that being the default user role (or if “Anyone can register” is already unchecked), then you did not properly clean up the earlier hack vector.
Thread Starter
jimoe
(@jimoe)
> then you did not properly clean up the earlier hack vector.
>
No doubt. So far, I have not found the vector.
Ok, try the guide again.
If that’s not working out, and you’re sure you have the settings correct, you may need to hire a firm that specializes in this, like https://sucuri.net/
