Author Topic: BIG Wordpress Installer BUG (Read 3647 times)

ekgrad · « **on:** October 22, 2020, 07:26:05 AM »

The WordPress installer is leaving the site wide open to hackers.

If DOES NOT update the salt keys in wp-config.php and just leaves the default

define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );

without updating them. These should be automatically be replaced by salt generated from https://api.wordpress.org/secret-key/1.1/salt/

An early action by the DEV team would help a lot of WordPress users who use CWP and might have missed this serious BUG

ekgrad · « **Reply #1 on:** October 27, 2020, 04:44:17 AM »

186 views and no replies from any of the devs

josemnunez · « **Reply #2 on:** October 27, 2020, 03:25:30 PM »

Hello

Sorry I did not respond, Thank you for your security contribution, this will be implemented in one of our next versions, I will let you know when this is done

Control Web Panel

Author Topic: BIG Wordpress Installer BUG (Read 3647 times)

BIG Wordpress Installer BUG

Re: BIG Wordpress Installer BUG

Re: BIG Wordpress Installer BUG