Skip to:

Re: User / messaging exploit? Causing spam

this is an easy hacking technique, i’ve done that 3 times yesterday when trying to create users/blogs…

you can delete these users by going in the _signups table… the problem is that WordPress is not taking into consideration the registrations that are not completed, they store them in the signups table and they can not be reached when you check for users… so when a user create an account with a blog, the whole process is created but not verified… you can then visit the site without being logged in and without a trace.

WP 3.0 is different in that technique… but i suppose we could find a tweak right now.

Skip to toolbar