
WordPress security alert! As a WordPress blogger, you are constantly a target for these bad guys, so you should never slow down on your blog’s security activities. Today, I want to quickly tell you what happened to my blog and how I quickly reacted to it. I spoke about it with my good friend Abhi Balani, the Oddblogger, and he quickly suggested I post about it. In fact, some of my readers already noticed and commented on it.
Do you know that spammers have graduated from leaving spam comments to leaving spam blog articles? Yes, that’s what happened to my blog early this morning. Look at this image that follows:
What happened?
The user kasiera28 registered on my blog and quickly published the article shown in the image above.
After having installed Better WP Security and still playing around with the options (this plugin has tons of options to keep your blog secured), this bad user was quickly able to create an account and directly publish an article without it going through moderation. I’m going to show you in a minute how he did it and how to stop him and others from messing around with your blog this same way.
New Users, Roles and Capabilities
Right now as I write, my blog is not yet opened to public registration, so I paid little attention to the default role of new members. However, this is important. This is actually where there was a leakage. Check this image:
Go to Settings -> General
Blog version: 3+
- Anyone can register: I suggest you leave this option unchecked unless you know what you are doing. My option is to completely disable public registration. By the time I finally open up to guest posting, I will handle the account creation from within the admin.
- New User Default Role: When I came to these settings, I discovered mine was set to ‘Author‘. This is the leakage. An author is somebody who can publish and manage his/her own posts. No need for moderation. So when kasiera28 managed to sign up, he was instantly able to publish. If you are not so sure what this is, I suggest you set it to ‘Subscriber‘. Read more about these Roles and Capabilities.
Take action now
If you have not checked this aspect of your blog, go to Settings -> General and make sure you have the right options set.
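The same check from the command line, as an added example that is not part of the original post: it reads the two options behind Settings -> General with WP-CLI and grades the combination the article describes. The function names and the WP_PATH variable are assumptions made for this example; users_can_register and default_role are WordPress's own option names.

```shell
#!/usr/bin/env bash
# classify_registration <users_can_register: 0|1> <default_role slug>
# Prints a verdict. Returns 0 = OK, 1 = warning, 2 = critical.
classify_registration() {
  local open="$1" role="$2"
  case "$role" in
    administrator|editor|author)
      # These built-in roles hold publish_posts, so nothing is moderated.
      if [ "$open" = "1" ]; then
        echo "CRITICAL: anyone can register and publish as '$role'"
        return 2
      fi
      echo "WARNING: registration is closed, but new accounts get '$role'"
      return 1 ;;
    contributor)
      # Contributors can write posts but not publish them.
      if [ "$open" = "1" ]; then
        echo "WARNING: anyone can register and submit posts for review"
        return 1
      fi
      echo "OK: registration closed, default role 'contributor'"
      return 0 ;;
    subscriber)
      echo "OK: new accounts are 'subscriber' and cannot write posts"
      return 0 ;;
    *)
      echo "WARNING: custom role '$role', review its capabilities by hand"
      return 1 ;;
  esac
}

# audit_site <WordPress dir>: read the live options with WP-CLI, then list
# accounts that already hold the Author role so unexpected signups stand out.
audit_site() {
  local wp_dir="$1" open role rc=0
  open="$(wp --path="$wp_dir" option get users_can_register)" || return 3
  role="$(wp --path="$wp_dir" option get default_role)" || return 3
  classify_registration "$open" "$role" || rc=$?
  wp --path="$wp_dir" user list --role=author --fields=user_login,user_registered
  return "$rc"
}

# Runs only if WP-CLI is installed and WP_PATH (assumed variable) is set.
# To fix a bad result:  wp option update default_role subscriber
#                       wp option update users_can_register 0
if command -v wp >/dev/null 2>&1 && [ -n "${WP_PATH:-}" ]; then
  audit_site "$WP_PATH" || true
fi
```

A closed registration with an elevated default role is still reported as a warning, because the role takes effect the moment registration is opened.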
If you are a WordPress blogger and you don’t take WordPress security as seriously as creating engaging content, be aware you are building on sandy soil.
I’m eager to hear from you. Have you had such an experience before? Tell us in the comment box.







Hey Enstine,
Thanks for sharing your experience bro.
I logged in to my blog and fortunately found everything correct. No Public registrations and the default role is set to subscriber.
But once again thanks for the post. It will help everyone out there.
Cheers
Arbaz Khan recently posted..5 Unique Blogging Tips to Build a Better Blog
Hey bro,
I’m impressed with your immediate action after reading this article and I’m glad you are safe this way. kasiera28 will probably never get you
Hey Buddy,
That’s what I told you. I am glad you fixed the default role now.
Good luck, my friend. And thanks for mentioning me.
Hey bro,
Yes, the default role is bad and thanks for contributing ideas to the fix
I hope my readers follow and share your BE entries, giving you more chances to win. Good luck
Thanks a lot for this man.
Really appreciate it.
Thanks for this publication. It is important to know.
Hey man,
Good to see you here today.
Hope this helps you stay safe, at least from unwanted posts.
Sorry you had this issue Enstine but I think with anything this is just a learning process of what we need to have properly in place with our blog.
I never wanted anyone to be able to register and I don’t even let my guest bloggers set up their own posts. I’m sure if I started allowing more then I might have them log-in but that’s not something I’ve even considered yet.
Thank you for sharing this with everyone. I’m sure there are a few other people who are not aware of this either. They’re happy you shared this with them.
~Adrienne
Yes Adrienne. We learn every moment and sometimes it’s good to learn the hard way.
I’m sure this helps many too to get themselves armed.
Thanks for your intervention and encouragement
Wow, that’s pretty scary that someone can do that! Will make the changes!
Wade recently posted..Blogging Tips:How To Eat An Elephant
Hey man,
You really have to. It’s bad to be hit by these bad guys. Check your settings
Your guidance made me worry about my WordPress.
Now I have to do something for security.
Umer Rock recently posted..IPad Mini Review – Coming on 23 October, 2012
Hey Umer,
You really should do something bro.
Don’t wait until you are hit
That’s really scary! You are lucky they did not do anything worse like delete some of your posts… I recently started cracking down on my WordPress security as well because hackers are getting out of control with it.
Ian Eberle recently posted..Getting Serious About WordPress Security
lol if they did that, I’d get them arrested and jailed
Thanks for sharing this security alert. I will definitely beef up the security on my blog.
Arpan recently posted..New Samsung Chromebook announced for $249
Hey bro,
Thanks for reading and commenting today.
It’s a good thing you check and make sure you are not exposed.
Have a splendid weekend man
Glad you got it sorted before too much damage was done.
Spammers are always looking to run their garbage wherever there’s a hole in a site. They are a sad bunch.
Martin Cooney recently posted..Here’s Why Business Relationships Are The Same As Personal
Hi Martin,
I’m excited to see you here today.
Thanks for contributing content too. We have to always be watchful against these attacks
Hope you have a great weekend
Thanks a lot for the security alert. It is better to stay cautious than regret later.
Anamika S recently posted..Make Money on Pinterest with Viraliti Ads (Pinvertisement)
Hey Anamika,
Thanks and welcome. I’m glad you were here to read the alert. Hope you’ve made sure you are safe.
May you have a splendid weekend
Security is the main anxiety at this time. Really, I was not aware of that, but now your post is making me very eager to check and correct those settings because I don’t want to be hit.
Thanks
Bhushan recently posted..Travel Web Portal Software Delhi Noida
Hey Bhushan,
I’m glad this was able to help you check your settings. It’s better to do something before these bad guys get to your blog
Have a great weekend
Hackers are very smart, but bloggers are their dad; they know how to protect their blogs. If we use all precautions then there will be very little chance of hacking, and we know we can recover our blog after hacking, but still, if it’s hacked once, then another will try to hack again.
BTW Great Post..
Nishant Srivastava recently posted..Common Mistakes in Email Marketing Campaign
Hey Nishant,
Glad to see you here this weekend and thanks for your contribution
Though hacking is a constant threat, we shall never stop reinforcing our security.
Hope you have a great weekend
Interesting… I have never changed any settings, now I am going to check all my blogs. I am sure they are all set up ‘anyone can register’
There are good lessons to learn. Thanks for sharing.
Dina recently posted..Become An Intern of Christopher Howard – The Academy of Wealth & Achievement
Hey Dina,
Thanks for reading and commenting.
It’s really necessary you check those settings and be sure to get the correct options set
Hope to hear from you again
Thank you for bringing out this important security alert. It will help bloggers using WordPress a lot. These spammers are getting smart. I can’t understand why they do it, since when the webmaster finds out they will remove it anyway. But it’s always a good idea to be alert all the time.

Shalu Sharma recently posted..Bhang, India’s holy marijuana
Hi Shalu,
These guys are just wicked. The only option for us is to be awake and act fast.
They got my blog for a few minutes and luckily, the damage was kept very low. We have to be very vigilant.
Hope you guys are doing well in India
Before this, I allowed someone to be a guest author by checking the “Anyone can register” option, but after two days somebody else posted an article without getting my permission first. I think this is spam. So I agree with you, we should uncheck the option in the settings to avoid this mistake.
Juan recently posted..PETRONAS E01 Engine Specification for Proton Under DRB Hicom
Hi Juan,
You’ve got the right thing to do. Just uncheck the option and stay safe brother
Spamming is a big issue with WordPress; the user registration process is so simple that even bots can easily do it. I had to shut down user registration on my blog to control it. Right now, the default role which I’m offering is subscriber. Subscribers can’t post anything, so things are better now. Thanks for sharing this info.
akhilendra recently posted..15 Must Have Plugins for WordPress Blog
Hi Akhilendra,
Thanks for reading and dropping a comment.
That’s the best settings you’ve made on your blog. You are never going to have a case like mine.
Kudos
Hope to see you here again bro
Enstine, what a pain! I had this happen to me quite some time ago. After the experience I turned off the registration.
Great topic for your readers. Thanks for sharing!
posted by Galen Morgigno
Galen Morgigno recently posted..Jeffery Combs – Reinventing Yourself | Oct. 16 2012
Hey Galen,
lol so good to hear you got the solution so on time too. Bad guys are always looking for leakages to do harm but we will not let that happen
Hey Enstine, Thanks for sharing your experience with us. There are a lot of bloggers who allow new members to register for guest posting, but I’m not doing it. I always accept guest posts and publish it as a guest blogger, not their own name and I don’t make them contributor.


Ehsan Ullah recently posted..How To Get Google Authorship Verified For Your WordPress Blog
Hi Ehsan,
After this experience, I had to disable the public registration option. I’ll put in place a quite sure procedure for guest bloggers.
How has it been with you buddy? I have been away now I’m back
Hi Enstine,
Glad you were able to act on this “slight issue” quickly! I have never encountered this before, so it’s really helpful for me. I checked my settings on my personal blog and everything seems okay. Not that my personal blog is a likely target for hackers, but of course, no matter how small a blog is, it’s still not right for any hacker to mess with it!
Thanks for sharing your experience!
Felicia recently posted..PokerStars All-Star Showdown
Hi Felicia,
Good to have you here this weekend.
Yeah, I was able to act fast enough on this and avoid more damage. Sometimes your blog doesn’t need to be too popular to be a target. It’s always good to take precautions even from the very start point.
FYI Felicia, my new free blog installation service is now live. Just let your friends know about it
Hope you have a splendid weekend
It’s not a WordPress Security bug. In WordPress if registration is enabled, the default assigned role is “Subscriber”. Here you might have changed it. You can use “user role editor plugin” for better user management in multi author blogs.
Sujith recently posted..How to get Windows 8 Metro interface in Windows–7 and XP
Hey Sujith,
Thanks for reading and commenting.
Some bloggers have confirmed having found their settings this way. Whatever option is by default, it’s crucial to check that all is the way you want so you don’t get hit.
BTW, I’m interested in getting Windows 8 Metro Interface. I’m using XP
Hope you have a nice week
Wow, that’s pretty scary that someone can do that! Will make the changes!
You better do so you don’t get caught
Thanks for this wonderful post. Really, if we want to stop hackers from hacking our website, we have to pay attention to some points like: 1) Never use pirated themes. The hackers sometimes create a backdoor in them. 2) Never use nulled plugins. They also have backdoors. So you must use original themes and plugins to save yourself from being hacked. Also, you can use a plugin like BPS Security. By the way, thanks for publishing such a nice post.

Kshitij Jain recently posted..How to Increase Battery Backup & Performance of Android Phone