Support » Requests and Feedback » Security: URL to be configurable in /etc/wordpress/…

  • hadmut

    (@hadmut)


    Again, I ask for a small but important change in wordpress:

    A wordpress blog currently cannot be shown under more than one URL, because the base URL (http://…/blog/ ) is configured in the SQL database. This is a major security flaw, since on a shared webserver with virtual hosts I cannot have the blog readable over http://… and the admin access under https://…/…

    Since wordpress requires transmission of passwords in plaintext, this is a severe security flaw. I know that there are several patches floating around to address this flaw, but none of them works reliably. However, they still show that the problem exists.

    My proposal:

    Allow to override the base URL (which is configured in the SQL database) to be overridden in /etc/wordpress/*.php at runtime. This allows to have the same blog twice, once under http:// for reading, and once under https://.. for administrative access.

    You need to take security more serious.

    regards
    Hadmut

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security: URL to be configurable in /etc/wordpress/…’ is closed to new replies.