WordPress.org

Ready to get started?Download WordPress

Forums

Admin username changer
[resolved] Security issue (11 posts)

  1. Julio Potier
    Member
    Posted 2 years ago #

    Hello

    Your plugin makes life easy for hackers because you do not use security nonce tokens.
    Also, the plugin sends you an email each time the plugin option page is visited, without user agreement, this is spam and forbidden.

    Read the codex to learn how to add nonces to your form/ajax.
    Btw, all websites do not starts with 'http://www.', check "parse_url()" php function.
    Also, check $wpdb->update() function.
    Last, what is JS is not activated, like on Screen Readers for blind people ?

    See you !

    http://wordpress.org/extend/plugins/admin-username-changer/

  2. emcode
    Member
    Plugin Author

    Posted 2 years ago #

    Thank you for your suggestions Julio.

    Email sending was in the plugin for maybe 5 minutes and i removed it immediately and sent an email to the webmaster of the url that was sent to me - to uninstall it and re install the new clean one.

    I'll make the changes you suggested in the next release.
    Greets

  3. Julio Potier
    Member
    Posted 2 years ago #

    Thank you emcode, i'll be here ;)

  4. emcode
    Member
    Plugin Author

    Posted 2 years ago #

    The new version is in the tags folder, 1.1 :)

    Check it out and let me know what you think, and then i'll release it.

    Greets!

  5. Julio Potier
    Member
    Posted 2 years ago #

    Great news!
    But the actual trunk version is 1.0
    Change Stable tag: 1.1 to Stable tag: trunk in readme.txt file

  6. emcode
    Member
    Plugin Author

    Posted 2 years ago #

    DOne :)

  7. David100351
    Member
    Posted 1 year ago #

    Is it possible to install and activate, change the username, and then uninstall and delete for security?

    thanks

  8. Julio Potier
    Member
    Posted 1 year ago #

    Yes.

  9. akalsha
    Member
    Posted 1 year ago #

    Hello,

    What will happen to my posts if I change the admin user name? It's currently the only user, and I have hundreds of posts. Will they be deleted?
    :)

  10. Julio Potier
    Member
    Posted 1 year ago #

    Non, the username is not linked to posts, the ID is.

  11. akalsha
    Member
    Posted 1 year ago #

    Thank you. :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.