Do not allow open registrations

If you have a self-hosted wordpress, please be careful with allowing registration open to anyone.
I just learned the hard way, my host got complaints of paypal phishing on my site, of course now i’am locked out of my account, at this point giving out more information probably will just make things worse, but this is what they found on my website:

/wp-content/uploads/www.paypal.fr/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run/updates-paypal/confirm-paypal/

… and now my domain will probably get tagged as phishing site, totally not worth it for letting open registrations.

Don't do it!

Don't do it!

So admins out there, be careful here’s a good article i found and that i will be following closely in the future:
http://www.smashingmagazine.com/10-steps-to-protect-the-admin-area-in-wordpress/

Advertisements