[wp-forums] thread to watch

Otto otto at ottodestruct.com
Mon Sep 13 17:44:00 UTC 2010


I will grant him that the wp-config is the easiest and most common way
to inject code and to hack a WP site, but that assumes you already
have access to the server's files, in which case you're already in.
Renaming the wp-config would only stop automated tools, and even then
it would be trivial for the tools to adjust.

Educating him on permissions might be a better route to take.
wp-config should be set to 440 on normal one-site setups, or 400 on
shared hosting setups using any form of setuid handling (such as suPHP
or similar). This will prevent most routes of automated attack from
working.

-Otto



On Mon, Sep 13, 2010 at 12:39 PM, <ipstenu at ipstenu.org> wrote:
> My Magic 8 ball says 'He's an idiot'
>
> This is the same guy who asked 'What's an API?' when that's something
> clearly documented in the plugin page:
> http://wordpress.org/support/topic/wordpresscom-stats-plugin-give-me-error
>
> He also JUST started using WP 4 months ago:
> http://wordpress.org/support/topic/errors-in-instalation
>
> If he's a hacker, I'll eat my socks.
>
> Quoting James Huff <macmanx at gmail.com>:
>
>> Thanks, Rich! I'll keep an eye on it.
>>
>> ________
>> James Huff
>> http://www.macmanx.com
>> http://weblogtoolscollection.com
>>
>> On Sep 13, 2010, at 9:17 AM, Rich Pedley <elfin at elfden.co.uk> wrote:
>>
>>> I don't know how serious this guy is, but it may be worthwhile keeping
>>> an eye on him just in case he is able to do what he says (hah).
>>>
>>>
>>> http://wordpress.org/support/topic/i-dont-need-help-but-i-have-questions?replies=18#post-1688473
>>>
>>> I know esmi has already replied, but you may want to keep an eye on it.
>>>
>>> Rich
>>> _______________________________________________
>>> wp-forums mailing list
>>> wp-forums at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-forums
>>
>
>
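
An added example, not part of the original message: a shell check that compares a wp-config.php file's mode against the 440 (normal one-site) and 400 (setuid-style shared hosting) limits given in the message above. The function names and the `normal`/`setuid` labels are assumptions made for this example, and it accepts any mode that grants no bits beyond the limit.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions against the 440 / 400 advice.
# Usage (after sourcing): check_wp_config /path/to/wp-config.php normal|setuid

# Print the octal permission bits of a file, following symlinks.
# Tries GNU stat first, then BSD stat.
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Succeed if octal mode $1 grants no permission bit outside octal limit $2.
# Special bits (setuid/setgid/sticky) also count as exceeding the limit.
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# Returns 0 if the file is within the limit, 1 if too permissive, 2 on error.
check_wp_config() {
    path=$1
    setup=$2
    case "$setup" in
        normal) allowed=440 ;;   # one-site setup, per the message
        setuid) allowed=400 ;;   # shared hosting with suPHP or similar
        *) echo "unknown setup: $setup" >&2; return 2 ;;
    esac
    [ -f "$path" ] || { echo "not a file: $path" >&2; return 2; }
    mode=$(file_mode "$path") || return 2
    if mode_within "$mode" "$allowed"; then
        echo "OK   $path mode $mode (limit $allowed)"
        return 0
    fi
    echo "WEAK $path mode $mode exceeds $allowed; fix with: chmod $allowed $path"
    return 1
}
```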

