Control Web Panel
WebPanel => CentOS-WebPanel Bugs => Topic started by: ekgrad on October 22, 2020, 07:26:05 AM
-
The WordPress installer is leaving the site wide open to hackers.
If DOES NOT update the salt keys in wp-config.php and just leaves the default
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );
without updating them. These should be automatically be replaced by salt generated from https://api.wordpress.org/secret-key/1.1/salt/
An early action by the DEV team would help a lot of WordPress users who use CWP and might have missed this serious BUG
-
186 views and no replies from any of the devs :'( :'( :'( :'( :'( :'( :'( :'(
-
Hello
Sorry I did not respond, Thank you for your security contribution, this will be implemented in one of our next versions, I will let you know when this is done