Improving Security

This support request was posted in General Support by fuzzybear

Request ID #2611 In Progress
  • fuzzybear December 5, 2013 at 12:09 pm

    Hi Juan,

    In the last few weeks I have been finding that a number of spam users have been added to the BBQ themed website. I’d like to know how this might be possible and what I can do to ensure that this does not happen in the future. I have not found any added content or funky scripts added yet but without checking every single file I can’t be sure.

    Any advice?

    Juanfra Aldasoro December 5, 2013 at 12:33 pm

    Hi There,

    Thanks for writing.

    You mean you’re getting comments to your blogposts/pages from people trying to sell viagra? Those are spammers, spam robots.

    Unfortunately that has nothing to do with the theme or even WordPress. Those are spam robots, they’re all around the internet crawling, leaving comments and comments across what they detect to be a WordPress site.

    A good way to handle this, is to use the plugin akismet. At least you won’t have to be marking comments as spam over and over again.

    Link: http://akismet.com/

    It’s a pity that these people actually exist, but it is what it is 😉

    Best,
    Juan.

    fuzzybear December 5, 2013 at 12:38 pm

    Ha sort of but not quite.. No, they’re adding themselves as users to the site, editors of content allowing them to add/edit pages within the website rather than just subscribers.

    I understand that they’re bots but I just wanted to ensure that no funky scripts are going to be injected or content messed with.

    I will install akismet plugin but do you have any advise on file permissions/db users permissions etc?

    Many thanks 😉

    Dan

    Juanfra Aldasoro December 5, 2013 at 12:46 pm

    Hi Dan,

    How come they’re getting registered as editors?

    What are your site’s user registration settings? The default role is editor?

    Unless you have something specifically prepared for users around your site, I’d recommend you to close the user registration and delete those who have registered and are now editors.

    There are some plugins that act as site scanners, l would recommend sucuri. I would suggest you to run a test and see if there’s something wrong going on.

    Have you updated the theme to the latest version?

    Best,
    Juan.

    fuzzybear December 5, 2013 at 4:40 pm

    Ahh I have just realised the ability to subscribe as a user was left enabled which would explain why it was so easy for people/bots to be added! My bad.

    I will look into sucuri as additional security of sorts can’t hurt and yes, latest version is in place.

    All the best,
    Dan

    Juanfra Aldasoro December 5, 2013 at 4:53 pm

    Hi Dan,

    Thanks for your prompt response.

    Please let me know if I can be of any further assistance.

    Best,
    Juan.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Login to your Account

Welcome back! Please log in to your account by filling the fields below:

Forgot?

Not a member? Create a free account.

Create a Free Account

You're 27 seconds away from some awesome WordPress free stuff, benefits and more. Create a free account and have access to our free products, benefits and more!

Already have an account? Log in
Secure Server