WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] Vunerable! (6 posts)

  1. shrewd1983
    Member
    Posted 5 months ago #

  2. alsur
    Member
    Posted 5 months ago #

    Any solution to this yet? Is a concern that the info and vulnerability issues are spreading out!

  3. shrewd1983
    Member
    Posted 5 months ago #

    I disabled the plugin for the time being, also, if you have enabled the use of .htaccess in your wp-admin directory (Apache web server) this should work as well:

    <Files ~ "\.(php)$">
    Order Deny,Allow
    Allow from 0.0.0.0
    Deny from all
    </Files>

    0.0.0.0 being your ip address, you may have to modify this depending on your configuration.

  4. amcohrs
    Member
    Posted 5 months ago #

    Is I am wondering if these elements only apply to those using the database backup functionality. These attacks look as though they require a certain configuration.

    My question is, is this something that is a general security hole. The report does not declare any details on what circumstances allow for the acts to be successful. Yes there may be a security hole here but is it necessarily an item that can be easily exploited if all other security elements are in place?

    Again, I don't know but those are my questions as a web developer. And overreacting is not usually the best response.

  5. Chris Wiegman
    Member
    Plugin Author

    Posted 5 months ago #

    Those proposed vulnerabilities have been discussed with the WordPress plugin repo folks and others and are not valid.

  6. amcohrs
    Member
    Posted 5 months ago #

    Thanks for jumping in Chris! Didn't think there was anything to worry about I know you are on your game. Thanks for putting in all the hours on such a great plugin.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.