[Plugin: Admin username changer] Security issue

  • Resolved Julio Potier



    Your plugin makes life easy for hackers because you do not use security nonce tokens.
    Also, the plugin sends you an email each time the plugin option page is visited, without user agreement; this is spam and forbidden.

    Read the codex to learn how to add nonces to your form/ajax.
    Btw, all websites do not start with ‘http://www.’; check the “parse_url()” PHP function.
    Also, check the $wpdb->update() function.
    Last, what if JS is not activated, like on screen readers for blind people?

    See you!
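
The points raised in the post above (a nonce on the form, `parse_url()` for the site host, `$wpdb->update()`, and a form that works without JavaScript), put together as an added example that is not part of the thread and not the plugin's own code. The `auc_` function names, the `auc_rename` action and the `new_login` field are hypothetical, and the example assumes the logged-in administrator renames their own account.

```php
<?php
// Added example; every auc_* name is hypothetical, not taken from the plugin.

// Settings form: the nonce ties the request to this action and the current user.
function auc_render_form() {
    // parse_url() returns the host whatever the scheme or subdomain is.
    $host = parse_url( home_url(), PHP_URL_HOST );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="auc_rename">
        <?php wp_nonce_field( 'auc_rename', 'auc_nonce' ); ?>
        <p>Site: <?php echo esc_html( $host ); ?></p>
        <input type="text" name="new_login">
        <?php submit_button( 'Change username' ); ?>
    </form>
    <?php
}

// Plain POST handler, so the form works with JavaScript disabled.
add_action( 'admin_post_auc_rename', 'auc_handle_rename' );
function auc_handle_rename() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    // Stops the request unless the nonce field is present and valid,
    // which blocks forged cross-site submissions.
    check_admin_referer( 'auc_rename', 'auc_nonce' );

    $new = sanitize_user( wp_unslash( $_POST['new_login'] ?? '' ), true );
    if ( '' === $new || ! validate_username( $new ) || username_exists( $new ) ) {
        wp_die( 'Invalid or already used username.', '', array( 'response' => 400 ) );
    }
    $user_id = get_current_user_id();
    // $wpdb->update() escapes the values; the row is matched by ID, not by name.
    $wpdb->update(
        $wpdb->users,
        array( 'user_login' => $new ),
        array( 'ID' => $user_id ),
        array( '%s' ),
        array( '%d' )
    );
    clean_user_cache( $user_id );
    wp_safe_redirect( admin_url() );
    exit;
}
```

Because the login cookie contains the old username, WordPress asks the user to log in again after the change.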

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author yoshitech


    Thank you for your suggestions Julio.

    Email sending was in the plugin for maybe 5 minutes and I removed it immediately and sent an email to the webmaster of the URL that was sent to me – to uninstall it and reinstall the new clean one.

    I’ll make the changes you suggested in the next release.

    Thank you emcode, I’ll be here 😉

    Plugin Author yoshitech


    The new version is in the tags folder, 1.1 🙂

    Check it out and let me know what you think, and then I’ll release it.


    Great news!
    But the actual trunk version is 1.0
    Change Stable tag: 1.1 to Stable tag: trunk in readme.txt file

    Plugin Author yoshitech


    Done 🙂

    Is it possible to install and activate, change the username, and then uninstall and delete for security?




    What will happen to my posts if I change the admin user name? It’s currently the only user, and I have hundreds of posts. Will they be deleted?

    No, the username is not linked to posts; the ID is.

    Thank you. 🙂

  • The topic ‘[Plugin: Admin username changer] Security issue’ is closed to new replies.