The vulnerability is documented here. The patch is supposedly a 1-line replace as documented here in line 190 of branches/2.8/wp-login.php - the new patch should look like this (check line 118) - my question is - is this patch enough? If not, any suggestions?
Yes, this is a very good patch for the WordPress vulnerability.
This is NOT SQL injection; if it was, then you could dump the entire table of users. Changing your name is not a very good security measure. Keeping your code up to date is what you must always do, or you will be hacked.
As I understand it, the patch closes that particular hole. However, another basic security measure I take on every WP site I administrate is to delete the "admin" user, and ideally never have any users' usernames be the same as their display names. That doubles the security in that bad guys have to guess the usernames, as well as figure out a way to hack the passwords.
There are a lot of additional security measures you can find by doing a search on WordPress + security, but I have stuck with changing usernames, altering the db table names on install, and basic permissions stuff. That's worked well so far, without the ton of additional upkeep necessary during WP upgrades that some of the more intense security measures require.