About half an hour ago, I came across a forum that disabled guest searching. For some reason, my attention turned to the login box. I simply typed in the username and password 'test' and bingo - it worked! And I did my search.

Then I started to think - there must be other forum admins with test accounts. Now a user account typically can't do more than completley spam your forum <which is quite easy to clean with a click of the magic "delete all posts by this user" button>, but if, for example, you were testing moderator/administrator accounts on your forum, and your test account had a simple-to-guess password with mod/admin rights - then some nasty person could wreck havoc on your forum. So, secure those test accounts! Just put a password which isn't easy to guess on them, or simply delete the account when you're done testing.

__________________
Host your forum with a reliable, stable host from just $2 per month!
Are you running a bigger forum, or a network of sites? Get a VPS from just $6 per month!

If they were smart I am sure that the test account only has viewing permissions only, no posting privileges.

__________________
My Blog - Follow Me on Twitter