WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 3 months ago

#43273 new enhancement

set users_can_register to 0 by default

Reported by: kingannoy Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: trunk
Component: Users Keywords:
Focuses: administration Cc:

Description

People are abusing the new-user-registration form of wordpress to send (single) unwanted emails from a large amount of websites to someone they want to inconvenience.

For more info on this "trolling" technique have a look at this article: https://www.wired.com/story/how-journalists-fought-back-against-crippling-email-bombs/

In my experience (support at a few different webhosting companies) the user registration feature is not used by the majority of users, however it causes a few negative effects when it is left on by default.

Negative effect 1: People get spammed, see the article from wired for more explanation.

Negative effect 2: The databases of the websites that are abused in this way are filled with (inactive) fake users. In my relatively small sampling this was between 1.000 and 6.000 fake users. This database pollution is unwanted.

Negative effect 3: The recipients of these emails mark them as spam, this gives the mailservers used for sending these emails a bad reputation, this in turn makes it more likely that other (wanted) emails are going to be rejected.

Setting the users_can_register value in the database to 0 by default seems like a really easy way to quickly solve this issue for practically all new WordPress sites from here on out.

Maybe a fix can also be proposed for fixing this for existing sites as well, for example switching it to 0 in a single update.

Change History (1)

#1 @SergeyBiryukov
3 months ago

  • Component changed from General to Users

Related: #12682

Note: See TracTickets for help on using tickets.