👓 Securing WordPress‚Äôs membership settings | Roy Tanck

Read Securing WordPress’s membership settings by Roy Tanck (roytanck.com)
For as long as I can remember, it’s been possible to configure WordPress like this:
Screenshot of WordPress’s membership settings, as found under Settings -> General
In essence, this combination of settings translates to: “Please take my site. No seriously, it’s yours.“. Allowing new users to sign up, and then making them site administrators allows them to completely take over your site.

I’m really surprised that this is not a heavily protected option and can’t think of a reason people would really want to do such a thing.

Leave a Reply

Your email address will not be published. Required fields are marked *