WordPress.org

Forums

All In One WP Security & Firewall
Changing Database Prefix - MultiSite (3 posts)

  1. netpotion
    Member
    Posted 1 year ago #

    I just added this to a fresh multi-site installation and noticed that subdomains are apparently able to change the database prefix. They can also see what the current prefix is.

    Even worse, it appears as though subdomains can create database backups.

    This seems like a pretty big security flaw to me. What am I missing here?

    Thanks,

    ~ Corey

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 1 year ago #

    Sub sites of a multi-site can only change the prefix of their own databases and similarly they can only make backups of their own sub-site DB.

    What leads you to believe that this is a security flaw?

  3. netpotion
    Member
    Posted 1 year ago #

    Isn't this exposing the prefix of the main database to anyone who signs up? It would seem to defeat the purpose of having the ability to change the prefix, but only for the super admin. The only prefixes that would remain unknown to others would be the ones created by the subdomains/folders.

    Thanks,

    ~ Corey

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic