Support » Fixing WordPress » I think it’s a big SECURITY ISSUE http://localhost/wp-admin/options.php

Viewing 6 replies - 1 through 6 (of 6 total)
  • you have to be logged in to see any pages in wp-admin

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    It’s only accessible to logged in Administrators, so please do make sure that you only promote people you trust, or keep yourself as the only Administrator.

    Thread Starter Saurabh Saneja

    (@saurabhsaneja)

    My 2 cents: Admins can access database anyway so is there any specific reason to keep this in the admin panel?

    Thanks for responding 🙂

    Admin’s can’t access the database dircectly through WordPress itself. You need to use a different system , like phpMyAdmin, to do that. Those tools have different users that aren’t associated with WordPress, so a WordPress admin can’t log into those without having a correct account that’s completely separete to their WordPress account.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Correct, options.php offers access to some things that are not in other panels, and that’s intentional. It does not, by far, offer access to the entire database.

    The only people who can access the database are those who know the database’s hostname, username, and password, which are all entirely separate from WordPress. If the database’s hostname is localhost they also need access to either the server that the database is on or the hosting account’s control panel (which again is entirely separate from WordPress).

    Thread Starter Saurabh Saneja

    (@saurabhsaneja)

    Thanks Huff, I wanted to give WordPress heads up about it.

    Thanks for responding 🙂

    • This reply was modified 4 years, 4 months ago by Saurabh Saneja. Reason: Writing it in a better way
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘I think it’s a big SECURITY ISSUE http://localhost/wp-admin/options.php’ is closed to new replies.