I signed up a tester account to see how things work when not logged in as admin. I noticed that I can post even though email has NOT been confirmed - why is that?? This is a major security issue, and I dont understand what the point of confirming the email is if you can still post unconfirmed? It clearly says on top of forum when logging in: "Your account is currently awaiting confirmation. Confirmation was sent to firstname.lastname@example.org. Resend Confirmation Email" How come the account has access to posting when not confirmed? It didnt even ask for a captcha when posting, even though I have it enabled and if not logging in I can post anonymously if I enter a correct captcha. So in other words, anyone can type in any email to register and then post directly without any confirmation or any captcha which is very bad since it opens up completely for automatic spam bots.