• I was alarmed to see a hacker post the following active link to a listserve.

    https://shake-speares-bible.com/wp-admin/post.php?post=2086&action=edit

    Does that mean that every edited version of every post is accessible to hacker? Or just the final version as last published?

    What are the implications? Does this hacker have access to my administrative panel?

    And what can be done to close up this security loophole? I’m not sure this is the best forum for the question, but since I figure you really brainy types hang out here, I’d give it a shot. Currently reading the codex on security issues, but thought it might be worth posting a specific query here. Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The link redirects to the login screen, right? Has the post been edited? I can come up with that link for any of your posts (they all look the same, only the post ID changes), but that doesn’t mean that I can do anything with it. Or did I misunderstand you?

    Thread Starter rstritmatter

    (@rstritmatter)

    hmm…so it does redirect to the login screen, but in the version sent on the listserve by the hacker, it went directly to the editing screen. Why would that change?

    Let me try once more:

    <https://shake-speares-bible.com/wp-admin/post.php?post=2086&action=edit>

    Let’s see where that goes.

    Thread Starter rstritmatter

    (@rstritmatter)

    Nope. Why would the link he sent behave differently in an email than on these boards?

    Thanks to Roy or anyone who can shed light on this. Continuing to read more generally on security questions on codex and boards.

    Cheers,

    RS

    Here.

    It would have been mighty strange if just knowing a URL (which is extremely easy) could get you into the admin. When not logged in, such a link can never take you to the edit screen. You were probably logged in when you tried.
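A site owner can confirm the behaviour described in the reply above by requesting the edit URL with no cookies and inspecting the response without following redirects. The sketch below is an added example, not part of the original thread; the `blog.example` URLs are constructed placeholders, the function names and verdict strings are made up for illustration, and it assumes the default `wp-login.php` login path.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample values (placeholders, not taken from a real site).
SAMPLE_URL = "https://blog.example/wp-admin/post.php?post=2086&action=edit"
SAMPLE_LOGIN_REDIRECT = (
    "https://blog.example/wp-login.php?redirect_to="
    "https%3A%2F%2Fblog.example%2Fwp-admin%2Fpost.php%3Fpost%3D2086%26action%3Dedit"
    "&reauth=1"
)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def fetch_without_session(url, timeout=10):
    """Request url with no cookies; return (status, Location header or None)."""
    opener = urllib.request.build_opener(NoRedirect)  # no cookie processor added
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")

def classify(status, location):
    """Judge how a wp-admin URL answered a request made without a login session."""
    if status in (301, 302, 303, 307, 308) and location:
        # Assumption: default login path; a renamed login page needs its own check.
        if urlsplit(location).path.endswith("/wp-login.php"):
            return "login-required"
        return "inconclusive"
    if status in (401, 403):
        return "denied"
    if status == 200:
        return "served-without-login"  # investigate: page returned with no session
    return "inconclusive"

def check_own_site(admin_url):
    """Run the check against a site you administer."""
    return classify(*fetch_without_session(admin_url))

if __name__ == "__main__":
    # Offline demonstration on the constructed redirect shown above.
    print(classify(302, SAMPLE_LOGIN_REDIRECT))
```

Run `check_own_site()` from a machine or browser profile that holds no login cookie for the site; the same URL opened in a browser that is already logged in goes straight to the editor, which is the confusion in this thread.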

    Thread Starter rstritmatter

    (@rstritmatter)

    Ok, I think I figured it out. Sorry. Is there an icon for dumb?

    Someone can close this thread. I don’t see a link for me to do it.

    Thread Starter rstritmatter

    (@rstritmatter)

    Yup. You solved the mystery!

  • The topic ‘security’ is closed to new replies.