Wordpress Admin Login Hack | Ethical Hacking Warning
So here's my quick thought, warning or piece of advice on ethical hacking before I get into the rest of this..
-- Just because you can doesn't mean you should --
With that said, people put a lot of hard work into the development of their blogs and no one, and I mean no one should login and wreck all the hard work an individual has done to inform others through their own content and knowledge on their subject matter. So if you've been able to utilize this hack that I will speak of in this post, just don't.. and I say that on behalf of anyone that owns a blog.
Now for all those users that either love it or use the Wordpress platform, your blog might be in deep deep trouble. Have you ever heard of the All In One SEO plugin ? Chances are you have... it's been around for quite some time. This SEO plugin helps you address meta tags for your WP blog. It's easy to use and customizable and anyone who's anyone that wants to SEO their blog has probably tried this plugin or is still using it today.
Recently, a flaw has been found in this plugin that leaves your site pretty vulnerable to anyone other than you. This flaw allows a user to login to the wp-admin allowing non-admin users to modify the plugin, elevate non admin users privileges, add vicious coding to your administrative panels so, in short if you allow open registrations to your site YOU ARE AT RISK.
Alright, so now that I've told you the bad news, I know you're wondering, how do I fix this ?!? The fix is very easy.. just update the plugin "now" and that will patch the flaw and you can continue business as usual. Alternatively, you could just upgrade to a different SEO plugin and of course disable and remove the SEO All In One as well and that would fix things too.
Thanks for reading. If you liked the post, please use the share buttons below.
#candidwriter #wordpress #blog