[wp-trac] [WordPress Trac] #49276: spam registration increasing after update 5.3.2

Thu Jan 23 12:58:09 UTC 2020

#49276: spam registration increasing after update 5.3.2
-------------------------------------+-------------------------------------
 Reporter:  wordpresserror           |      Owner:  (none)
     Type:  defect (bug)             |     Status:  new
 Priority:  normal                   |  Milestone:  Awaiting Review
Component:  General                  |    Version:  5.3.2
 Severity:  normal                   |   Keywords:  needs-patch needs-
  Focuses:  javascript,              |  testing
  administration, performance,       |
  privacy, coding-standards          |
-------------------------------------+-------------------------------------
 after I updated to latest WordPress version 5.3.2, I saw an increase in
 spambot registrations

 https://prnt.sc/qrrium

 all the spam bot new registration emails came from wordpress at domain.com

 while when I tried to use the same link that most of the spambots use to
 register on WordPress

 {{{
 https://domain.com/wp-login.php?action=register

 }}}

 I got the new registration email from admin at domain.com that means the
 spambots are using some different methods to register on WordPress
 also a spam bot had an image how did the bot upload the image?

 Also, I got a woocommerce spam registration that didn’t have any name only
 had username and email whereas my woocommerce registration page asks for
 name and email and then generates the username automatically then how was
 the spam bot able to register without name?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49276>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform