Author Topic: BIG Wordpress Installer BUG  (Read 3658 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
BIG Wordpress Installer BUG
« on: October 22, 2020, 07:26:05 AM »
The WordPress installer is leaving the site wide open to hackers.

If DOES NOT update the salt keys in wp-config.php and just leaves the default

define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

without updating them. These should be automatically be replaced by salt generated from https://api.wordpress.org/secret-key/1.1/salt/

An early action by the DEV team would help a lot of WordPress users who use CWP and  might have missed this serious BUG

Offline
*
Re: BIG Wordpress Installer BUG
« Reply #1 on: October 27, 2020, 04:44:17 AM »
186 views and no replies from any of the devs  :'( :'( :'( :'( :'( :'( :'( :'(

Offline
*****
Re: BIG Wordpress Installer BUG
« Reply #2 on: October 27, 2020, 03:25:30 PM »
Hello

Sorry I did not respond, Thank you for your security contribution, this will be implemented in one of our next versions, I will let you know when this is done