WordPress.org
Get WordPress

Make WordPress Core

Opened 13 months ago

Closed 10 months ago

#60407 closed feature request (invalid)

WP Starter Page is a source for HACKERS

Reported by: dpmatlosz's profile dpmatlosz Owned by:
Milestone: Priority: normal
Severity: critical Version: 6.4.3
Component: Build/Test Tools Keywords:
Focuses: Cc:

Description

I am convinced that the WP starter page, with the BOLG option is the source for all and any hacker to hack a site. Prove me wrong: Example, I have had my website online for 20 years, I have used several different website dev. Apps. I have never been hacked.
After setting up WP on my sites; 3 to be exact, I soon started to get spam emails from the comment section of the blog.
I am not a website programmer, btw, I had no idea where these comments. were being submit, I looked at the pages on my dashboard and there was nothing there. I kept looking, granted not a lot because it didn't concern me. But the SPAM was annoying and often inappropriate. Eventually when my site(s) were hacked and shut down, I found the hidden blog page, and deleted it. Because my sites were shut down this was a challenge. I still continued to get SPAM even after shutting down the blog comment page. My other 2 sites were still getting comments. It took a bit of sleuthing to find this hidden blog page on each site, You cant edit it either, WP has embedded the comment section. Eventually I deleted them all, but I still had 3 hacked sites. recently I deleted one of the site and reinstalled WP. And guess what, even though I though I deleted the WP Blog page, I started to immediately get SPAM and the site was hacked. OK point being SHUT DOWN THE AUTOMATICALLY AND HIDDEN BLOG PAGE, SHUT DOWN THE COMMENTS UNLESS YOUR POINT IS FOR US TO GET HACKED!!! I AM CONVINCED THIS IS A SERIOUS PROBLEM THAT YOU HAVE TO FIX. Your welcome to drop me an email, that hopefully isnt spam, to let me know you are fixing this gateway for hackers. Thanks Jimmy

Change History (1)

#1 @ironprogrammer
10 months ago

  • Focuses privacy removed
  • Keywords dev-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi, @dpmatlosz -- I'm sorry to hear about the trouble you experienced after setting up your sites. Unfortunately, Trac is used for development of WordPress, but not for technical assistance.

I recommend reaching out to your web host, and checking out the My site was hacked support page. There are also dedicated user support forums that may offer some guidance.

This ticket has been marked "invalid" and closed because it's not related to a WordPress software bug.

Note: See TracTickets for help on using tickets.