Never think you are sooooo on top of your code game…
Within hours of posting the features in the updated DS106 Bank theme, including using WordPress accounts for organizing content, and sharing the link to a demo site, BAM! SPAM!
Not so shiny.
So in the theme options allowing WordPress accounts to be used, I had set it up to put a registration form up to make one’s own account, and set the WordPress option to allow registration.
Then overnight came like 20-some accounts, many from the same domain for baby products, and other obvious non-educator accounts. It dawned on me IT IS A VERY BAD IDEA TO ALLOW UNMODERATED ACCOUNT CREATION ON SITES WHERE YOU GIVE AUTHORING ACCESS! How did I forget that the openness which begat the web leaves open the opportunistic infestation of SEO-hungry rats?
So quick action. Turn off self registration.
Then update the theme: instead of the button going to a WordPress self registration form, I created a new theme option where a URL could be entered that a Register button should go to (as well as a label, might as well add flexibility while here).
This way, the button could go to a WordPress page that explains how to get an account or maybe to a form to register. Then a site owner could manage who gets accounts (if done via a system that can generate data exports, the Import Users From CSV With Meta plugin works great to batch create accounts).
Never underestimate the potential for any open web form to be exploited, even if you think no one is looking at your little site. People out there spend all day looking for web forms to poop in. That is the internet of 2019.
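One way to spot the kind of overnight burst described above (many new accounts from one email domain) in a user export, as an added example that is not code from the original post or the theme. The sample rows, the 12-hour window and the threshold of 3 are constructed assumptions; the column names follow the CSV that WP-CLI's `wp user list` produces.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not data from the post). Columns match
# `wp user list --fields=user_login,user_email,user_registered --format=csv`.
SAMPLE_EXPORT = """\
user_login,user_email,user_registered
prof_lee,lee@university.example,2019-03-01 14:02:11
bb01,promo1@babygear.example,2019-03-02 01:10:05
bb02,promo2@babygear.example,2019-03-02 01:12:40
bb03,promo3@babygear.example,2019-03-02 02:45:09
teach_ana,ana@college.example,2019-03-02 03:00:00
dr_kim,kim@university.example,2019-03-02 09:30:00
bb04,promo4@babygear.example,2019-03-09 03:00:00
"""

def registration_bursts(export_csv, window=timedelta(hours=12), threshold=3):
    """Return {email_domain: [logins]} for every domain that has at least
    `threshold` sign-ups inside any sliding time `window`."""
    by_domain = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        domain = row["user_email"].rsplit("@", 1)[-1].strip().lower()
        when = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        by_domain[domain].append((when, row["user_login"]))

    flagged = {}
    for domain, events in by_domain.items():
        events.sort()
        start, hits = 0, set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.update(login for _, login in events[start:end + 1])
        if hits:
            flagged[domain] = sorted(hits)
    return flagged

if __name__ == "__main__":
    for domain, logins in registration_bursts(SAMPLE_EXPORT).items():
        print(f"{domain}: review {len(logins)} accounts -> {', '.join(logins)}")
```

Flagged accounts are candidates for manual review, not automatic deletion: a real class signing up from one school domain would trip the same rule.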
Anyhow, I proudly wear my rookie card.
Featured Image: Some Photoshop mods to Wikimedia Commons image Circus Rookies lobby card 3.jpg claimed as public domain because it’s old and lacks a copyright notice. Good enough for me.