Changing Display Name For Security?

User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Changing Display Name For Security?

Post by axew3 »

Just arrived an email from my host provider:
ti informiamo che sul plugin Contact Form 7 di WordPress, che i nostri sistemi automatici di gestione hanno rilevato essere installato su uno o più dei tuoi siti, è emersa una grave vulnerabilità.
grave vulnerabilità = severe security issue

in fact, this plugin 5 millions install, Contact Form 7, was coming with a security issue, that leave your site to be an easy target for hackers:
Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
5.3.2 fixed this aspect but: are we sure that an hacker, do not placed now a file somewhere into our system, if the contact form (not in my case) was allowed to upload attachments?

So i just would like to remember an assertion, coming from the old bruteforce topic:
Hint for cool people: do not overload WordPress activating multiple not useful features, thinking that for this you'll be more secure. If the code of plugins you use, the server configuration, and the cms are secure, maybe (maybe not) you do not need to much to pretend to stay secure, except the above. This is it on this online example since ever.
Post Reply