[ad_1]
Hi there
I keep finding these users in my “users” list.
This one is the most recent… and I found they somehow created a listing in my directorist plugin.
I think I have disabled the ability for anyone to register (as per my screenshot), but it keeps happening…
Does anyone know why this might be the case?
I don’t think any of our creds have been compromised because they only ever show up as subscribers.
Thanks in advance 😀
https://preview.redd.it/06extc8cv7lc1.png?width=525&format=png&auto=webp&s=9d63bce358a733af0cc265775d6f53c432d5e92c
https://preview.redd.it/v8pvcs60v7lc1.png?width=1688&format=png&auto=webp&s=f669aec3da3d395195865a60d9d31c09d3901fb5
[ad_2]
Honestly, not shocked at all. Directorist really drops the ball on security. It’s like they’ve missed the memo on what it takes to keep things safe. My site just like another +300 got defaced by hackers a few years back because of their lax security. [https://www.bleepingcomputer.com/news/security/wordpress-sites-are-being-hacked-in-fake-ransomware-attacks/](https://www.bleepingcomputer.com/news/security/wordpress-sites-are-being-hacked-in-fake-ransomware-attacks/) And from what I’ve heard, the horror stories just keep piling up. Seems like nothing’s changed. If you’re on the fence, might be time to consider other options.
If the plugin is insecure, then stop using the plugin.
Turns out there is an option in Directorist called “New User Registration”.
I managed to recreate the workflow that I think these guys are following.
I turned off New User Registration, so I think we’re all good now!
Thanks all ❤️