Skip to:

Re: User / messaging exploit? Causing spam

John James Jacoby


@Seobrien, can you confirm that you were looking at the site users and not the blog users?

It’s a common mistake to think that users don’t exist because at first you naturally check “settings->users” instead of “site admin->users”. The first is only showing you users on the blog you’re looking at, the second will show you users on your site.

I can’t think of a circumstance where a user could somehow function through-out the site without a user account. Even if there’s a misalignment of data between BP and WP, if there’s no WP account, they can’t login. Also, they cannot login simply with an incomplete registration in WPMU (wp_signups), since the login page checks only the (wp_users) table.

@nexia, if you are duplicate this phantom registration method on any WPMU or BP installation, I’d love for you to PM me the steps so we can help patch the issue.

Skip to toolbar