Security: URL to be configurable in /etc/wordpress/... (3 posts)

  1. hadmut
    Posted 7 years ago #

    Again, I ask for a small but important change in wordpress:

    A wordpress blog currently cannot be shown under more than one URL, because the base URL (http://.../blog/) is configured in the SQL database. This is a major security flaw, since on a shared webserver with virtual hosts I cannot have the blog readable over http://... and the admin access under https://.../...

    Since wordpress requires transmission of passwords in plaintext, this is a severe security flaw. I know that there are several patches floating around to address this flaw, but none of them works reliably. However, they still show that the problem exists.

    My proposal:

    Allow the base URL (which is configured in the SQL database) to be overridden in /etc/wordpress/*.php at runtime. This allows having the same blog twice, once under http:// for reading, and once under https://.. for administrative access.

    You need to take security more seriously.


  2. Chris_K
    Posted 7 years ago #

    Is this helpful? Administration_Over_SSL

    While suggestions for improvement are always welcome here, they may not get noticed by the folks doing the actual coding.

    You might consider logging it to http://trac.wordpress.org/ or generating discussion at the WP Hackers mailing list.

  3. Matt Mullenweg
    Posted 7 years ago #

    You can override the URL in the wp-config.php file. You could create logic to define different variables based on IP or hostname:
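
The hostname-based override described in the reply above, written out as an added example (not code from the original post or from WordPress itself). The hostnames and the `/blog` install path are assumptions; `WP_HOME` and `WP_SITEURL` are the WordPress constants that take precedence over the URLs stored in the database. Because the `Host` header is client-supplied, the fragment checks it against an allowlist before building any URL from it.

```php
<?php
// wp-config.php fragment (added example). Place it before the line that
// requires wp-settings.php so the constants exist when WordPress loads.

// Hostnames this blog may be served under. Placeholders, adjust to your vhosts.
$allowed_hosts = array('blog.example.org', 'secure.example.org');
$default_host  = 'blog.example.org';

// Normalise the Host header: lower-case it and drop an optional ":port".
$host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
$host = preg_replace('/:\d+$/', '', $host);

// Never reflect an unknown Host value into generated links, redirects or
// password-reset mails; fall back to the canonical name instead.
if (!in_array($host, $allowed_hosts, true)) {
    $host = $default_host;
}

// Detect whether this request arrived over TLS on this virtual host.
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
$scheme   = $is_https ? 'https' : 'http';

// Override the base URL stored in the database for this request only.
// '/blog' is an assumed install path.
define('WP_HOME',    $scheme . '://' . $host . '/blog');
define('WP_SITEURL', $scheme . '://' . $host . '/blog');
```

Behind a TLS-terminating proxy `$_SERVER['HTTPS']` is not set by the web server, so the scheme detection has to be adapted to a header that only the trusted proxy can set.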


Topic Closed

This topic has been closed to new replies.
