Again, I ask for a small but important change in WordPress:
A WordPress blog currently cannot be shown under more than one URL, because the base URL (http://…/blog/) is configured in the SQL database. This is a major security flaw, since on a shared webserver with virtual hosts I cannot have the blog readable over http://… and the admin access under https://…/…
Since WordPress requires transmission of passwords in plaintext, this is a severe security flaw. I know that there are several patches floating around to address this flaw, but none of them works reliably. However, they still show that the problem exists.
Allow the base URL (which is configured in the SQL database) to be overridden in /etc/wordpress/*.php at runtime. This allows having the same blog twice, once under http:// for reading, and once under https://.. for administrative access.
You need to take security more seriously.
- The topic ‘Security: URL to be configurable in /etc/wordpress/…’ is closed to new replies.
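The override requested in the post, as an added example that is not part of the original post and is not WordPress or distribution code: a PHP config fragment that derives the base URL per request. It assumes a WordPress version that honors the `WP_HOME`, `WP_SITEURL` and `FORCE_SSL_ADMIN` constants, default ports, and that the fragment is loaded before WordPress starts; the host names, the `/blog` path and the `blog_base_url()` helper are hypothetical.

```php
<?php
// Added example: per-request base URL override for one blog served under
// both http:// and https://. All names below are constructed placeholders.

// Hypothetical allowlist of virtual-host names that may serve this blog.
const BLOG_ALLOWED_HOSTS = ['blog.example.org', 'secure.example.org'];
const BLOG_DEFAULT_HOST  = 'blog.example.org';
const BLOG_PATH          = '/blog';

/**
 * Build the base URL for the current request from the server variables.
 * Hypothetical helper, not a WordPress function.
 */
function blog_base_url(array $server): string
{
    // The Host header is client-controlled: accept only allowlisted names,
    // otherwise fall back to a fixed default so it cannot poison links.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    if (!in_array($host, BLOG_ALLOWED_HOSTS, true)) {
        $host = BLOG_DEFAULT_HOST;
    }

    // Some servers set HTTPS to "off" for plain HTTP, so test the value too.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';

    return ($https ? 'https' : 'http') . '://' . $host . BLOG_PATH;
}

// These constants take precedence over the URLs stored in the database.
if (!defined('WP_HOME')) {
    $base = blog_base_url($_SERVER);
    define('WP_HOME', $base);
    define('WP_SITEURL', $base);
}

// Keep logins and the admin area on HTTPS so passwords are not sent in plaintext.
if (!defined('FORCE_SSL_ADMIN')) {
    define('FORCE_SSL_ADMIN', true);
}
```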