WordPress security alert! As a WordPress blogger, you are constantly a target for these bad guys, so you should never slow down on your blog’s security activities. Today, I want to quickly share what happened to my blog and how I reacted to it. I spoke about it with my good friend Abhi Balani, the Oddblogger, and he quickly suggested I post about it. In fact, some of my readers already noticed and commented on it.
Do you know that spammers have graduated from leaving spam comments to leaving spam blog articles? Yes, that’s what happened to my blog early this morning. Look at the image that follows:
What happened?
The user kasiera28 registered on my blog and quickly published the article shown in the image above.
I had installed Better WP Security and was still playing around with the options (this plugin has tons of options to keep your blog secure), yet this bad user was quickly able to create an account and directly publish an article without it going through moderation. I’m going to show you in a minute how he did it and how to stop him and others from messing around with your blog in the same way.
New Users, Roles and Capabilities
Right now, as I write, my blog is not yet open to public registration, so I paid little attention to the default role of new members. However, this is important. This is actually where the leak was. Check this image:
Go to Settings -> General
(blog version 3+)
- Anyone can register: I suggest you leave this option unchecked unless you know what you are doing. My choice is to completely disable public registration. By the time I finally open up to guest posting, I will handle account creation from within the admin.
- New User Default Role: When I came to these settings, I discovered mine was set to ‘Author’. This is the leak. An author is somebody who can publish and manage his/her own posts, with no need for moderation. So when kasiera28 managed to sign up, he was instantly able to publish. If you are not sure what this is, I suggest you set it to ‘Subscriber’. Read more about these Roles and Capabilities.
Take action now
If you have not checked this aspect of your blog, go to Settings -> General and make sure you have the right options set.
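The same check from the command line, as an added example that is not part of the original post. It assumes WP-CLI (`wp`) is installed and run from inside the WordPress directory; `classify_registration` is a hypothetical helper name, and the role list covers only the stock WordPress roles.

```bash
#!/usr/bin/env bash
# Added example: audit the two settings found under Settings -> General.
# classify_registration is a hypothetical helper, not part of WordPress or WP-CLI.

# $1 = users_can_register option (1 or 0), $2 = default_role option
classify_registration() {
  case "$2" in
    # Stock roles that hold the publish_posts capability
    administrator|editor|author) publishes=yes ;;
    # Stock roles that cannot publish (contributor posts wait for review)
    contributor|subscriber) publishes=no ;;
    # Custom or plugin-defined role: its capabilities are unknown here
    *) publishes=unknown ;;
  esac
  if [ "$publishes" = yes ] && [ "$1" = 1 ]; then
    echo "CRITICAL"   # anyone can sign up and publish without moderation
  elif [ "$publishes" = yes ]; then
    echo "WARN"       # latent: turns CRITICAL as soon as registration is opened
  elif [ "$publishes" = unknown ]; then
    echo "REVIEW"     # inspect the role's capabilities by hand
  else
    echo "OK"
  fi
}

# Live check, only when WP-CLI is present and this is a WordPress install
if command -v wp >/dev/null 2>&1 && wp core is-installed >/dev/null 2>&1; then
  reg="$(wp option get users_can_register)"
  role="$(wp option get default_role)"
  echo "users_can_register=$reg default_role=$role -> $(classify_registration "$reg" "$role")"
  # Accounts that may already have been created with publishing rights
  wp user list --role=author --fields=ID,user_login,user_registered
  # Remediation matching the advice above (uncomment to apply):
  # wp option update default_role subscriber
  # wp option update users_can_register 0
fi
```

Review the listed author accounts before changing the default role, since the setting only affects accounts created afterwards.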
If you are a WordPress blogger and you don’t treat WordPress security as being as important as creating engaging content, be aware that you are building on sandy soil.
I’m eager to hear from you. Have you had such an experience before? Tell us in the comment box.