Moderator
t-p
(@t-p)
Did you mean: SEEDPROD login ?
Since you use a commercial plugin and need support, please go to their official support channel. In order to be good stewards of the WordPress community, and encourage innovation and progress, we feel it’s important to direct people to those official locations.
https://www.seedprod.com/
Forum volunteers are also not given access to commercial products, so they would not know why your commercial theme or plugin is not working properly. This is one other reason why volunteers forward you to the commercial product’s vendors. The vendors are responsible for supporting their commercial product.
No no seedprod login. I don;t need support of seedpro as has nothing to do. I mentioned seedpro or any maintenance web page creator. I also used the default of bluehost under construction mode. The problem is my questions are what I mentioned. Having a construction. mode or maintenance mode someone is registering or hammering the site.
The purpose to mention sedprod or any maintenance mode is supposed th site is in that status supposed blocked to any user.
My questions are independent to any underconstruction creator, I detail more:
1.-How are they accessing to the registration form? What page are accessing this person or persons to do this? Is there official page to register? I suspect the attacker is trying to skip the maintenance mode accessing a page.
2.-We will open the site soon but if we start the site they will not stop. Is easy to catch the user names that we don’t need to accept. Is there a way to filter or approve this? Or can we protect against this?
There are various ways to register as a user in WordPress:
WordPress itself has no public registration forms without any plugins, which is why the XMLRPC interface is the most likely point of attack for attackers to create users.
You can protect yourself against this with security plugins that, in the most radical case, disable the XMLRPC interface. However, it is still needed for some things, which is why it may make more sense to monitor it. Take a look at this article on the subject of security: https://wordpress.org/documentation/article/hardening-wordpress/
Even if you emphasize that your question has nothing to do with any maintenance plugin: these probably do not switch off the XMLRPC interface on their own. Maintenander refers to the visual frontend, not any interface. You would have to ask their support how such a plugin actually handles this (if this is still relevant for you).
@threadi Thank you for the information. I see is very useful the information that you supply. Is what I needed I see these persons are using the default routines to put robots and create users. I will check and protect as you see. I will search plugins anti spam or similar things. Thank you
