WordPress.org

[Plugin: Admin Log] unsecure

Viewing 2 replies - 1 through 2 (of 2 total)
  • I don’t think this is a major issue. The only information logged is the admin pages a registered user has accessed. There is no sensitive WordPress information recorded as far as I am aware? The query strings sent along with some admin pages cannot be used maliciously?

    But if you have any other comments as to how admin pages accessed can be used to hack a site then please let me know.

    Also, if a user wishes they can password protect the folder the text file is stored in.

  • Depends. If you know the name of the user, for example if they left the default admin user active, then you know half of the key.

    I know many people don’t mind, and don’t really have to, but if you run a heavily loaded site with sensitive data, then simply checking whether this file exists gives you a lot of information.

    I know I’m exaggerating, but if you know a bit about the group you want to attack, from a forum or any other discussion where people leave their logs, passwords or any other outputs, plus if you know the name under which they can log in….

    Frankly, I do not believe many users care to change their visible name so that it’s not the same as the one they use for access (visible, for instance, in discussions), but that’s their problem… and consequently yours as the site owner too.

    The only thing I wanted to say is that this file is the easiest way to fetch a lot of interesting information in one place… not only for good guys/girls.

  • The topic ‘[Plugin: Admin Log] unsecure’ is closed to new replies.