👓 Securing WordPress’s membership settings | Roy Tanck

Read Securing WordPress’s membership settings by Roy Tanck (roytanck.com)
For as long as I can remember, it’s been possible to configure WordPress like this:
Screenshot of WordPress’s membership settings, as found under Settings -> General
In essence, this combination of settings translates to: “Please take my site. No seriously, it’s yours.“. Allowing new users to sign up, and then making them site administrators allows them to completely take over your site.
I’m really surprised that this is not a heavily protected option and can’t think of a reason people would really want to do such a thing.

Published by

Chris Aldrich

I'm a biomedical and electrical engineer with interests in information theory, complexity, evolution, genetics, signal processing, IndieWeb, theoretical mathematics, and big history. I'm also a talent manager-producer-publisher in the entertainment industry with expertise in representation, distribution, finance, production, content delivery, and new media.

Leave a Reply

Your email address will not be published. Required fields are marked *