[Defender Pro] Administrator Registration

Hi there,

No matter the security settings I use, I seem to have bogus users registrations as ‘administrators’. I’m surprised the Defender Pro isn’t preventing this? How do I prevent this repeatedly happening?



  • Adam
    • WPMU DEV Initiate

    Also attached here is an example of a user that registered without my consent. Since I have blocked his IP and blacklisted Romania however I fear that they’ll simply get in using a different IP/country..


  • Ash
    • WordPress Hacker

    Hello Adam

    Defender doesn't protect spam registration I am afraid.

    But I think the issue in your case is different. Even if you have lots of spam registrations, they can't be administrator as the default role is subscriber. So, either any plugin have changed the deault role of the new user or you have a malicious plugin or code which is making them admin.

    Would you please check your plugins to check if there is no nulled plugin? And all re from trusted vendors?

    Also, would you please check from Dashboard > Settings > General > new user default role is selcted to Subscriber?

    About the registration, do you a separate registration form? If so, would you please link me to that form page?

    Have a nice day!



  • Adam
    • WPMU DEV Initiate

    HI Ash,

    I can confirm all plugins are from trusted sources.

    I can confirm the default user registration is on ‘subscriber’ not ‘admin’.

    I can confirm there is nowhere on the website – to my knowledge’ the ability for a user to signup or a sign up form.



  • Nithin
    • Support Wizard

    Hi Adam,

    Sorry for the delay in getting back to you. Seems like support access to your website is no longer enabled, so wasn’t able to check what all settings are enabled in the plugin side. On checking the website via frontend, I don’t see the website have registration enabled.

    It’s odd that even when the registration is disabled you get user signups. If there aren’t any such signup forms from the plugin, or theme side enabled, then such attempts would likely happen if there are any outdated plugins which are vulnerable. The email alerts about the user registration as shared in the screenshot are from WordFence plugin, right? Do the Wordfence logs list out anything specific regarding these usernames?

    Please make sure all the plugins are up to date. And please enable support access to your website, so that we could check the logs in the dashboard side to have a better idea regarding this.

    You can grant access from WPMU DEV > Support > Support Access > Grant Access, or check this manual: https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    Please let us know once you enable access so that we could check further regarding this asap.

    Kind Regards,


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.