Security: URL to be configurable in /etc/wordpress/…
-
Again, I ask for a small but important change in wordpress:
A wordpress blog currently cannot be shown under more than one URL, because the base URL (https://…/blog/ ) is configured in the SQL database. This is a major security flaw, since on a shared webserver with virtual hosts I cannot have the blog readable over https://… and the admin access under https://…/…
Since wordpress requires transmission of passwords in plaintext, this is a severe security flaw. I know that there are several patches floating around to address this flaw, but none of them works reliably. However, they still show that the problem exists.
My proposal:
Allow to override the base URL (which is configured in the SQL database) to be overridden in /etc/wordpress/*.php at runtime. This allows to have the same blog twice, once under https:// for reading, and once under https://.. for administrative access.
You need to take security more serious.
regards
Hadmut
- The topic ‘Security: URL to be configurable in /etc/wordpress/…’ is closed to new replies.