I don’t require my blog readers to register to read or comment, and I removed any visible links for registration or administration at the time I started the blog. So it was definitely a scary thing to receive an email claiming a New User Registration from an email address I did not recognize. I hoped it was just a spammy thing, and not a hacker-y thing. I deleted the new user, changed my administrator password, used phpMyAdmin to make sure there was nothing awry in the database (there wasn’t) and went off in search of more information.
Turns out that I was in very little danger since my WordPress General settings did not set new users to Editor or Administrator. These mystery registrations have been hitting a number of WordPress installations via bots searching for the usual address of the registration page. The WordPress forums address the issue:
Someone registered as a user on my wordpress blog – possible hacker?
If you, too, were visited by this bot:
1. Go to General Settings.
2. Under Membership, uncheck Anyone can register.
3. Under New User Default Role, select Subscriber (Subscribers cannot post to or make edits to your blog).
4. Go to Users and delete the unwanted user.
5. Go to Your Profile and change your password.
6. Go to phpMyAdmin at your host and check the wp-users table to make sure there are no unwanted entries there.
This happened right after returning home from another potentially scary experience. I used to have my hair done at the beauty colleges all the time during high school, college, and right after. I haven’t done that for a very long time, and I’m not even sure why. My worst hair experience was not at the hands of a student, but at a salon with some good recommendations from friends and acquaintances. This was in the early 80s, and I fell victim to an overly curly perm.
I never returned to that particular salon, but I didn’t go back to the beauty college either, until tonight. I went to the beauty college near my house that is affiliated with a salon that I have visited fairly often with good results. I don’t like color surprises, so I usually bring a copy of the formula for my favorite color. I had a bad moment upon learning that even though the salon uses that brand of color, their associated school does not. I almost considered bailing at that point, but the stylist and her instructor showed me how they would get to “my” color and it was pretty convincing, so I stayed.
This story has a happy ending that is not scary at all. The cut is good, the color is great. My stylist was a woman about my age working on a midlife career change. I enjoyed chatting with her. I still have money in my wallet. The total cost was about a third of what I would have paid at the salon. If I’d started doing this sooner, maybe I could have bought the MacBook Pro instead of the cheaper MacBook after all!
(NaBloPoMo | April ’10: 13 of 30)