• When using this plugin there were three attempts by unauthorised users to set themselves up as users with user names and passwords while this plugin was in operation. I therefore am not sure about the security of this plugin. After checking with my webhost, Siteground, on their advice I disabled and removed the plugin and am now using the Seedprod plugin to show “under maintenance” while I check on whether there are other potential causes. Scans of the site using Sucuri and by Siteground have not revealed malware at present.

Viewing 2 replies - 1 through 2 (of 2 total)
  • @johnglostersmith

    “Any attempt, by anyone not logged, to view any Page, Post or other part of the site will display a WordPress login screen.”

    If visitors are being redirected to the WP login screen, then it’s natural for them to assume they need a user account and proceed with attempting user registration.

    If you don’t want visitors to be able to register, then disable user registration and you should be good.

    That said – I’m not familiar enough with this plugin to speak on its specific code, but from what I’ve read on it, and what you described, it doesn’t seem like anything malicious has occurred.

    Now if these visitors were successful in setting themselves up as admin or editor users, then that’s a serious problem.

  • Thread Starter johnglostersmith (@johnglostersmith)

    The idea of having this plugin was that it would be a private site, just for a few people to whom I gave login details. I’ve reinstated the plugin, to test it again, and can’t see how people can register. Registration is turned off in General Settings. It was how these got themselves registered that was concerning me, and whether that might be a security issue.

    I see that I need to post a support ticket with the owner, ZATZLabs, and that the plugin is not supported through ww.wp.xz.cn. I also see that their support forum is not working due to a spamming problem, that the plugin hasn’t been updated for 10 months, and that it has not been tested with the latest version of WP!

The topic ‘Unauthorised users’ is closed to new replies.