AMY: I had 120 fake user accounts, one of which was somehow approved. UM asked me to reset my password. The reset email warned me that this site might be dangerous. Any legitimate user would get the same warning. I’m over it. No users. No comments. I deleted them all on 7/24/2024. I also removed all sections and pages the referred to comments and users.
Below is the results of the UM scan:
********************
Scan Complete.
Suspicious Accounts
No suspicious accounts found
PLEASE READ OUR RECOMMENDATIONS BELOW:
WARNING: Ensure that you’ve created a full backup of your site as your restoration point before changing anything on your site with our recommendations.
Review & Resolve Issues with Site Health Check tool
Site Health is a tool in WordPress that helps you monitor how your site is doing. It shows critical information about your WordPress configuration and items that require your attention.
There are 5 issues in the Site Health status: Review Site Health Status
Default WP Register Form
The default WordPress Register form is disabled.
Secure Register Forms
We’ve removed the assignment of administrative roles for Register forms due to vulnerabilities in previous versions of the plugin. If your Register forms still have Administrative roles, we recommend that you assign a non-admin roles to secure the forms.
Default Registration is secured
Block Disposable Email Addresses/Domains
You are not blocking email addresses or disposable email domains that are mostly used for Spam Account Registrations. You can get the list of disposable email domains with our basic extension Block Disposable Email Domains.
Manage User Roles & Capabilities
Roles & Capabilities are all secured. No users are using the same capabilities as your administrators.
Require Strong Passwords
We recommend that you enable and require “Strong Password” feature for all the Register, Reset Password & Account forms.
Click here to enable.
Secure Site’s Connection
Your site provides a secure connection with SSL.
Install Challenge-Response plugin to Login & Register Forms
We recommend that you install and enable Ultimate Member – Google reCAPTCHA to your Reset Password, Login & Register forms.
Keep Themes & Plugins up to date.
It is important that you update your themes/plugins if the theme/plugin creators update is aimed at fixing security, bug and vulnerability issues. It is not a good idea to ignore available updates as this may give hackers an advantage when trying to access your website.
Plugins are up to date.
Themes are up to date.
You’re using the latest version of WordPress(6.5.5)
That’s all. If you have any recommendation on how to secure your site or have questions, please contact us on our feedback page.