iThemes Security (formerly Better WP Security)
[resolved] Vunerable! (6 posts)

  1. shrewd1983
    Posted 2 years ago #

  2. alsur
    Posted 2 years ago #

    Any solution to this yet? Is a concern that the info and vulnerability issues are spreading out!

  3. shrewd1983
    Posted 2 years ago #

    I disabled the plugin for the time being, also, if you have enabled the use of .htaccess in your wp-admin directory (Apache web server) this should work as well:

    <Files ~ "\.(php)$">
    Order Deny,Allow
    Allow from
    Deny from all
    </Files> being your ip address, you may have to modify this depending on your configuration.

  4. Aaron Cohrs
    Posted 2 years ago #

    Is I am wondering if these elements only apply to those using the database backup functionality. These attacks look as though they require a certain configuration.

    My question is, is this something that is a general security hole. The report does not declare any details on what circumstances allow for the acts to be successful. Yes there may be a security hole here but is it necessarily an item that can be easily exploited if all other security elements are in place?

    Again, I don't know but those are my questions as a web developer. And overreacting is not usually the best response.

  5. Chris Wiegman
    Posted 2 years ago #

    Those proposed vulnerabilities have been discussed with the WordPress plugin repo folks and others and are not valid.

  6. Aaron Cohrs
    Posted 2 years ago #

    Thanks for jumping in Chris! Didn't think there was anything to worry about I know you are on your game. Thanks for putting in all the hours on such a great plugin.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.