| |||||||
| Register | Blogs | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| | Thread Tools | Display Modes |
04-13-2008, 02:15 PM
| |||
| |||
 Secuity Breach/hole in WP Hey, This looks bad. I googled using keyword "asc" and it gave a reference to my blog, bad-breath-advisor.com. I clicked on it and up came my blog without ever having to go through admin/password. Here th3e google ref: " 197 results stored on your computer - Hide - About Bad Breath Advisor › Edit.. - GetWeightedTags(tag" asc" limit) format SBI Tips and Tricks #031.. - ays=0&postorder=asc&start=0 http:forums " I end up in the Plugins: "Editing UltimateTagWarrior/ultimate-tag-warrior.php" From here, I gain access to everything concerning my blog without ever having to login. Is this fixed in 2.5? If so, we should immediately install 2.5 or risk destruction at the hand of some malevolent hacker.
__________________ Kindest Personal Regards, Walt SkypeName: wabboc http://www.skintilating.com http://www.gerdadvisor.com/ http://www.genealogyhookups.com/ http://www.bad-breath-advisor.com/ http://www.capecod-beaches.com      |
|
04-13-2008, 02:26 PM
| |||
| |||
| If you feel that has happened you should immediately change your username and password. Out of curiosity did you give access to your admin to some else?
__________________ Cheers David |
|
04-13-2008, 02:30 PM
| |||
| |||
| hhmm. I'm going to ask a really silly question here. Are you using a desktop search and searching your desktop not the web? This makes me think you may be. 197 results stored on your computer Its referencing files on your computer. Unless you didnt copy corectly into here? Please clarify. thanks Marc |
|
04-13-2008, 02:35 PM
| |||
| |||
| Ok I jumped the gun a bit here. I had assumed that what you mentioned was correct. In a sense it is. Correct me if I'm wrong but like most of us we save the login details on our PC. When we revisit that site/page we are automatically logged in. My guess is that is what happened to you. I tried the admin and had no luck. EDIT: I missed that part about being stored on the computer. Thanks Marc.
__________________ Cheers David Last edited by Kangaroo Jack : 04-13-2008 at 02:38 PM. |
|
04-13-2008, 04:59 PM
| |||
| |||
| I can't reproduce it so I must have been off the web.
__________________ Kindest Personal Regards, Walt SkypeName: wabboc http://www.skintilating.com http://www.gerdadvisor.com/ http://www.genealogyhookups.com/ http://www.bad-breath-advisor.com/ http://www.capecod-beaches.com |
|
04-14-2008, 11:45 AM
| |||
| |||
| robots.txt When putting site up, what you should not forget to do is create robots.txt file on top level of your domain. Edit it and include the following: Disallow: /wp-content/cache/ Disallow: /wp-content/themes/ Disallow: /wp-content/plugins/ Disallow: /wp-admin/ Disallow: /wp-includes/ Disallow: /wp-login.php Disallow: /wp-register.php Disallow: add whatever you don't want to be indexed by search engines
__________________ Proud Member Of AdSense Excellence |
Linear Mode
