wpForo 1.x.x Intruder signing in to wpforo without approval
I wonder how I avoid user signing into to my forum in www.tisvildelunde.dk without my manual approval.
See example below, where this user “bnky” apparently managed to get in. I have blocked him now and deleted him and his posts.
Also I have now disabled XML-RPC via wordfence -> login security -> settings.
Singapore, Singapore left https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Ffor… and logged in successfully as "bnky". https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Fforum%2F…
6/28/2022 7:53:55 PM (40 minutes ago)
IP: 188.8.131.52 Hostname: ec2-13-214-42-163.ap-southeast-1.compute.amazonaws.com UNBLOCK IP
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Try this plugin for manually approving user registration in the forum.
Which plug-in should I use instead of wpforo?
Ok, hope somebody will look into this bug, which the intruder used as backdoor to get in without my approval. As mentioned I think it is related to xml RPC.