It's definitely a Wordpress related issue. I've had the same problem on several of my blogs and on client blogs I'm hosting. The issue arises from wp-register.php which is deprecated but redirects to wp-login's register function. Even if you have user registration turned off here, I would recommend going an extra step and altering your wp-login where you see this :
Quote:
case 'register' :
if ( !get_option('users_can_register') ) {
wp_redirect('wp-login.php?registration=disabled');
exit();
}
|
replace it with something like this...
Quote:
case 'register' :
wp_redirect('http://some-other-url-here.com');
exit();
|
I have been very creative with my redirect and send these hackers to a Clickbank offer that they probably need. You can see it by checking the link to my wp-register.php...
http://www.affiliatebestprograms.com/wp-register.php
