Control Web Panel

WebPanel => CentOS-WebPanel Bugs => Topic started by: ekgrad on October 22, 2020, 07:26:05 AM

Title: BIG Wordpress Installer BUG
Post by: ekgrad on October 22, 2020, 07:26:05 AM

The WordPress installer is leaving the site wide open to hackers.

If DOES NOT update the salt keys in wp-config.php and just leaves the default

define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

without updating them. These should be automatically be replaced by salt generated from https://api.wordpress.org/secret-key/1.1/salt/

An early action by the DEV team would help a lot of WordPress users who use CWP and  might have missed this serious BUG

Title: Re: BIG Wordpress Installer BUG
Post by: ekgrad on October 27, 2020, 04:44:17 AM

186 views and no replies from any of the devs  :'( :'( :'( :'( :'( :'( :'( :'(

Title: Re: BIG Wordpress Installer BUG
Post by: josemnunez on October 27, 2020, 03:25:30 PM

Hello

Sorry I did not respond, Thank you for your security contribution, this will be implemented in one of our next versions, I will let you know when this is done