Comment spam breached Maintenance Mode #234
Comments
|
Hello @katymorikawa, I don't think it is a vulnerability. It looks like a spam bot that just sent a POST request straight to http://example.com/wp-comments-post.php The only thing we can do is to close the comments when the maintenance mode is on. And is already on our to-do list: #233 |
|
Thank you @georgejipa that explanation makes me feel better and makes sense. Cheers, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I received a notice about a pending blog comment from my website that's been in maintenance mode for the better part of 5 years. Currently using WP Maintenance Mode. Comment spam:
Author: SEO Service (IP address: 207.180.234.123, vmi231109.contaboserver.net)
Email: [email protected]
URL: https://exorank.com
Comment: Awesome post! Keep up the great work! :)
There are no users on my site except for two admin accounts of mine. Users are not allowed to create accounts. Maintenance mode is active and search engines are discouraged from indexing the site. No cache software. Just seems like there might be a vulnerability...
My site: http://www.katymorikawa.com/
The text was updated successfully, but these errors were encountered: