Hello, last week i add wopoforo Forum for my website. I Have open rigistration and one day from 2 members show 199 members. I Find that all the members are fake and maybe hacked my website. After that, i received many comments for approval. Of course i backup all my website, delete it, installed again the wordpress and now all good. I have add also protected directories with password, and also anti spam and firewall. But when i search my website in Google i found those members with my website name in other wopo forums. Of course when someone clicked in the url said no page found. But i want to ask is it dangerous? And why my url showed in another wopo forums? Thank you for your time. Website: wearecarmaniacs.com
Also i find in activity log many login failures attempts from another ip.
This is the first time i see a password protected site. You see nothing, just a id and password.
Not a good idea.
But trying to follow your google links i am able to view the site. strange things.... You have password protected the forum pages.
I doubt if a registered user can hack the site, unless the site is totaly missconfigured. And wpForo probably has nothing to do with the hack. But was it a hack actually? What was the hack? The ammount of users? That is not a hack but spammers with fake accounts.
If your site is well installed and the server secure, all you need is a WP plugin for security. Nothing else.
Thank you for your time, the password protected it's my fault. Now all fine. When the bots appeared in the wpforo forum , all the time i see activity login from differnet ip. They tried to login in wp admin area. Also if you search the name of the website on Google, you will see that the website url appear in another unsafe website forums. I am not very "familiar" and "experienced" with wordpress and i don't know if this is somtheng normal or real danger for readers and also for me.
Ok then your WP site is not hacked just flooded with fake accounts probably for spam and profiles. wpForo doesn't handle logins and registrations, it is Wordpress that does that.
There are many many plugins to protect you from that. For Wordpress. Captchas, security plugins like Worldfence, you name it.
Also i see your url to chinese profile links. You can disable profile indexing.
But better protect the source of your issues, REGISTRATION or/and LOGIN of bots (if they are a lot, they are bots).