Is there a backdoor in WPMU/Buddypress?
To make it clear: This is not a “methods-for-stopping-spammers” question. I stopped with the methods mentioned here most of the spammers coming through the “normal” way. Additional fields, changed slug, captcha, etc etc… All the spammers I once had, filled in the required field some dummy information.
BUT here is my question: Is there another way to get through and create users and efterwards blogs. I know once there was, through a bbpress-loophole. But I think this is not an issue anymore (without a seperate bbpress installation)
Here is what let’s me ask this question, because I think it is strange:
– I get ALOT of spam-registrations with just the name/username – no required fields are even touched or filled in any way
– I deleted wp-signup.php (because I guessed they could use that)
– I even deactivated any form of registration/creation from the backend
– there is not one spam-user already in the system (I know them all personally)
– occasionally I got a real human registration, not assigend to any blog, no required fields filled out (which is really strange)
–>My conclusion after this: It is possible to register without even touching the registration-form or the wp-signup.php, right?
So, my question is: Is there ANY way of registration that goes around everything mentioned? Then I guess: THERE IS A BACKDOOR?!
Please don’t answer with use this captcha, this method, etc…
This is a question, so that I understand how it works and if I miss something (which really would be possible )
Thanks to all the WPMU/Buddypress-Gurus, that could answer this question!!!
- The topic ‘Is there a backdoor in WPMU/Buddypress?’ is closed to new replies.