Possible security hole [Solved]
I’m running a BuddyPress 1.2.8, WordPress Mu 3.1 site and a bot somehow manages to always create accounts, about 5 per day, even though account registration is disabled in /wp-admin/network/settings.php, and for each of my sites.
For example, the last account created had username “ramonlpa” and email “firstname.lastname@example.org”, and was not associated with any site (i.e. the site field is blank).
This has been happening for a long time. When I first found out, the bot had created 3000 accounts.
I’m also running bbPress with the WordPress Integration, so the hole might be in bbPress.
You must be logged in to reply to this topic.