WordPress.org

Ready to get started?Download WordPress

Forums

Yak Plugin Exploit. Yuk!!! (8 posts)

  1. netpup007
    Member
    Posted 5 years ago #

    Sorry for setting up another wordpress.org account - I keep forgetting my passwords.

    Now I'm trying Yak and somebody gained access to my administration account. What the hell is wrong with WordPress plugins!!!

    http://wordpress.org/extend/plugins/yak-for-wordpress/

  2. @mercime
    Volunteer Moderator
    Posted 5 years ago #

    Curious. How do you know that the exploit was caused by the plugin?

  3. netpup007
    Member
    Posted 5 years ago #

    Because it is the only plugin I have installed!!!!!

  4. Lester Chan
    Member
    Posted 5 years ago #

    what what version of WP are you using?

  5. anmari
    Member
    Posted 5 years ago #

    I've had friends sites hacked and it appears to have been a brute force attempt at guessing the login (admin for sure, then what next.....)

    There are a number of ways of preventing this - change admin via DB to something else, use login/lockdown etc. i have listed a bunch of ideas on my site.

  6. nolongeractive
    Member
    Posted 5 years ago #

    Interesting that rather than contacting the author of the plugin, you post a message here first. Also interesting, is that in a good couple of years of people using YAK, no one has posted anything about any exploits like this. Nor have they contacted me directly about it.

  7. anassirk
    Member
    Posted 5 years ago #

    I'm using YAK in many of my sites.
    It's a very great plugin (easy to understand and use).

    There maybe an exploit, but I don't think you can say that it's caused by the plugin just with the

    Because it is the only plugin I have installed!!!!!
    .

  8. atQuest
    Member
    Posted 5 years ago #

    I'm not about to drop my consideration for this plugin because some *bleep that "keeps forgetting his passwords" got his admin account "hacked". Assumptions do more bad than good. No proof it was thru this plugin means maybe you dropped one of your "Don't forget the password of my big new ecommerce site is "password".." yellow sticky note!

Topic Closed

This topic has been closed to new replies.

About this Topic