bobjohnbob at gmail.com
Tue Sep 14 13:41:36 MDT 2010
I work in the industry and I can say that wordpress does get hacked
alot. Not really more than any other php application though, when you
look at how many installation of wordpress are out there. Most of the
hacks happen to people who haven't updated wordpress in months (I
haven't made any changes to this wordpress site in years. Why is it
hacked now? It must be your fault!) Or they have about 300 different
plugins installed that haven't been updated and they only really use
about 4 of them. Wordpress is not secure, but it's about as secure as
you get with a php application that has as many features as it does
and is updated with new features constantly.
If you don't see the users actually being created in your wordpress
dashboard, then I would agree with Jonathon, check the mail headers to
see where the messages are actually originating from. Also check if
you have any other wordpress sites installed to your hosting account
that you may have forgotten about in subfolders or in other domains.
That's what I see most often.
More information about the PLUG