Stop hackers from setting up as "teacher" users on site

tw2w · 13 October 2017 13:43

I have been using S2members for a while with no issues however everyday I have users who are not suppose to be able to create a user account but somehow are setting up as “teacher” on my site. My site has crashed twice in the last week. Thank God I had it backed up but it is a pain as I have real users that need to access this site for training everyday. I have looked at every option in the settings of S2 to find a way to block these unwanted users. I even tried to change the user roles of the “teacher” role but it will not save them. I just need help with exact instructions on how to block this from happening. Currently if anyone registers on my site they have to be given S2 level 1 to gain access by an administrator.

KTS915 · 13 October 2017 14:36

Please explain what this means.For example, what s2Member role is “teachers”? Are these users already registered with your site?

I don’t understand what you mean? When someone registers, what role are they given? Are they using the default WordPress form or something else?

tw2w · 13 October 2017 18:38

Thank you for the reply.

These are not registered users on the site. They get in somehow and land in the “teacher” role which makes me think there is a open way for them to get registered.

Currently if someone comes to my site www.teamwork2wealth.com they can register and they are sitting there at level 1 “free agent” until we give them full access to the site.

These unauthorized people have foreign emails ect use the same first and last name and get registered on their own and put themselves in the :”teacher role” which seems to be a default role on S2. I don’t use this role and it will not allow me to delete it.

Thank you

Max

KTS915 · 13 October 2017 18:45

s2Member creates no such role. The roles created by s2Member always begin with s2member_level. I am guessing that, in fact, you have something set somewhere else on your site that is changing the default WordPress (note: WordPress, not s2Member) role from “subscriber” to “teacher.” You can’t delete that role from s2Member because s2Member didn’t create it.

If my guess is correct, then this is actually nothing to do with s2Member at all, but just an inherent problem with using the default WordPress registration page. The best solution is to install and configure the plugin WPBruiser: https://wordpress.org/plugins/goodbye-captcha/

tw2w · 16 October 2017 14:09

Thank you. That seemed to work once I added the WPBRUISERPRO.