Make WordPress Core

Opened 9 months ago

Closed 6 months ago

#59343 closed defect (bug) (invalid)

site being used to relay messages by suspicious people, criminal activity

Reported by: mermax's profile mermax Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Comments Keywords:
Focuses: Cc:

Description (last modified by sabernhardt)

please see the COMMENTS section on my site, i am unable to upload the evidence / screenshots here attached. I never set up a COMMENTS page on my site and it seems there is now a comment section and someone is using it to communicate under the radar.

How are they able to do this? Can you please PLUG THIS HOLE so these people cant use my site for information exchange.

please get back to me on this.
https://maxsharam.com

Attachments (2)

Screenshot 2023-09-13 at 8.00.37 PM.png (620.3 KB) - added by mermax 9 months ago.
Screenshot 2023-09-13 at 8.02.09 PM.png (178.7 KB) - added by mermax 9 months ago.

Download all attachments as: .zip

Change History (4)

#1 @mermax
9 months ago

please see the COMMENTS section on my stite, i am unable to upload the evidence / screenshots here attached. I never set up a COMMENTS page on my site and it seems there is now a comment section and someone is using it to communicate under the radar.

How are they able to do this? Can you please PLUG THIS HOLE so these people cant use my site for information exchange.

please get back to me on this.
https://maxsharam.com

#2 @sabernhardt
6 months ago

  • Component changed from Upload to Comments
  • Description modified (diff)
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi and welcome to WordPress Core Trac!

This problem would fit better on the support forums, and I found a related topic there.
https://wordpress.org/support/topic/unwanted-comments-on-image-attachment-pages/

You have attachment pages enabled, and at least some of those have an active comments form.
Example: https://www.maxsharam.com/index.php/thespian-max/screen_test-3/

Core has created one way to remove attachment pages in #57913. Another way to remove those pages is to use a plugin such as Attachment Pages Redirect or Yoast SEO.

If you only wish to remove the comments forms from those pages, you could try one of these:

I have wanted comments off by default on attachment pages, which might be done in ticket:58375.

Because this issue is not a Core bug, 'invalid' is the most appropriate resolution. In case some of the information in your second ticket was sensitive, I chose to delete the ticket instead of closing it as a duplicate.

Note: See TracTickets for help on using tickets.