Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Side note here and unrelated to your topic really:
I would never use Hello Dolly. Moreover, it’s a pretty common vector for attackers who replace the file with their own content.
That would indicate a much bigger problem and that’s that someone’s server or WordPress installation is insecure. Removing Hello Dolly won’t do anything for that situation.
Jan, your side note is correct, but…
Understand that if there is a file that is (a) commonly installed on EVERY WordPress install, and (b) rarely actually used by the sites in question, then it’s a perfect file to overwrite when attempting to hack a system. If you get a plug-in that allows writing to files outside of the upload directory, hello.php is a perfect place to land your hack – and most people will never check it until it’s too late. It’s in an executable directory, it’s a file that’s always there, and it’s a file that essentially nobody uses.
Basically, most people would scan your WordPress install and never run across hello.php – so they don’t generally check it for a hack. The result is many hacks are written there.
Almost everything else in WordPress has a use and is commonly used. This piece of legacy code is unused and not required for a normal install.
Akismet is more of a question of a commercial service that not everyone chooses to use. It’s a plug-in, nothing more. No other commercial plug-in gets such preferential and repeated distribution, and it adds extra code to every download, and extra steps to remove it from every install that doesn’t use it. It also means that automatic updating is NOT an option, as this unwanted payload will be “updated” back onto the WordPress install each time.
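Added example, not part of any post in this thread: one way to make sure bundled but rarely inspected files such as hello.php do get checked is to hash every file of a clean copy of the same release and compare it with the live install. The directory layout, function names and file contents below are constructed for illustration; the clean reference tree is assumed to be an unpacked official download of the installed version.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_against_reference(install_root: Path, reference_root: Path) -> dict:
    """Compare every file shipped in the clean reference tree with the live install.

    Returns {relative_path: "ok" | "modified" | "missing"}.
    """
    results = {}
    for ref_file in sorted(reference_root.rglob("*")):
        if not ref_file.is_file():
            continue
        rel = ref_file.relative_to(reference_root)
        live = install_root / rel
        if not live.is_file():
            results[rel.as_posix()] = "missing"
        elif sha256_of(live) != sha256_of(ref_file):
            results[rel.as_posix()] = "modified"
        else:
            results[rel.as_posix()] = "ok"
    return results


def build_demo() -> dict:
    """Constructed sample: a clean tree and a live tree whose hello.php differs."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "live")
        for root in (ref, live):
            (root / "wp-content/plugins").mkdir(parents=True)
            (root / "wp-includes").mkdir()
            (root / "index.php").write_text("<?php // constructed stand-in\n")
            (root / "wp-content/plugins/hello.php").write_text("<?php /* Hello Dolly stand-in */\n")
            (root / "wp-includes/version.php").write_text("<?php // placeholder\n")
        # The live copy of hello.php no longer matches the shipped file.
        (live / "wp-content/plugins/hello.php").write_text("<?php /* not the shipped file */\n")
        (live / "wp-includes/version.php").unlink()
        return audit_against_reference(live, ref)


if __name__ == "__main__":
    for path, status in build_demo().items():
        print(f"{status:9} {path}")
```

The comparison only covers files present in the reference tree, so files that exist only in the live install (uploads, third-party plug-ins) need a separate review.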