One missed checkbox can lead to 47,000 spam users!

One site owner got more than 47,000 spam user signups!  Yikes!

Did you know that if forget to click one checkbox during setup and anybody can create a visitor’s account on a WordPress website.  Anyone or ,unfortunately, any spambot.  Or, even more unfortunately, all of them!

Most people, even beginners, figure out they should click that checkbox.  And theoretically it’s no big deal.  By default new accounts are just for “subscribers,” which only lets them add comments a little more easily.  Not a big deal, again, since you can easily write comments without an account.

Theoretically.  In practice it can be a giant, performance (and possibly SEO) sapping drain on your site.

The other day I was doing an assessment of a new client’s existing website and found not one, not 10, but more than 47,000 of these spam user accounts!

I was already logged into their site so even though they weren’t yet a client I turned that option off for free.

To disable spam account signups:

  • Went to their dashboard
  • Chose General from the Settings menu
  • Scrolled down to “membership”
  • Unchecked “Anyone can register”
  • Scrolled the rest of the way down and clicked “Save Changes.”

That was the easy part!  Deleting those 47,000+ members took quite a bit longer!

I try not to beat our own drum very often but in this case?  Sometimes it’s a very good idea to let a professional web developer check your site out to make sure all your performance and security i’s are dotted, t’s are crossed…

And checkboxes checked!

Posted in , tagged with: #, #, #, #

David Innes,

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981. And no, I still haven't seen it all but by now I usually know where to look. More about David Innes...