[wp-trac] [WordPress Trac] #43273: set users_can_register to 0 by default
WordPress Trac
noreply at wordpress.org
Fri Feb 9 17:40:37 UTC 2018
#43273: set users_can_register to 0 by default
----------------------------+-----------------------------
Reporter: kingannoy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
People are abusing the new-user-registration form of wordpress to send
(single) unwanted emails from a large amount of websites to someone they
want to inconvenience.
For more info on this "trolling" technique have a look at this article:
https://www.wired.com/story/how-journalists-fought-back-against-crippling-
email-bombs/
In my experience (support at a few different webhosting companies) the
user registration feature is not used by the majority of users, however it
causes a few negative effects when it is left '''on''' by default.
Negative effect 1: People get spammed, see the article from wired for more
explanation.
Negative effect 2: The databases of the websites that are abused in this
way are filled with (inactive) fake users. In my relatively small sampling
this was between 1.000 and 6.000 fake users. This database pollution is
unwanted.
Negative effect 3: The recipients of these emails mark them as spam, this
gives the mailservers used for sending these emails a bad reputation, this
in turn makes it more likely that other (wanted) emails are going to be
rejected.
Setting the users_can_register value in the database to 0 by default seems
like a really easy way to quickly solve this issue for practically all new
WordPress sites from here on out.
Maybe a fix can also be proposed for fixing this for existing sites as
well, for example switching it to 0 in a single update.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43273>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list