Assuming all Wordpress users know

conrad.braam · 23 November 2021 10:16

Just a reminder really, if you use Wordpress, update often, and if you were hosting on GoDaddy, change your password, like yesterday. (Just your little security industry update channel.)

kristof · 23 November 2021 10:27

True Wordpress is a goldmine for bug bounty hunters.

Follow the Exploit DB and search for Wordpress to stay up to date with latest exploits & vulnerabilities: https://www.exploit-db.com/

mirza · 23 November 2021 10:34

I’ve seen a lot of cases where people install a crazy amount of plugins on their WP site and they’re afraid to update them, or update the WP Core, as they think it will break things. It’s pretty easy to roll back a troublesome plugin to an earlier version, so it’s not much of an excuse to avoid regular updates.

conrad.braam · 23 November 2021 11:41

Mostly just the GoDaddy hosting users, not a WP problem per se, although I am aware it’s not an easy to secure tool.

han_toan_lim · 23 November 2021 11:52

Here is another useful website:
https://www.cvedetails.com

han_toan_lim · 6 December 2021 11:01

Today I received a mail that my gravatar account was breached.

Gravatar.com let me automatically add a picture and some other information based on my email address. E.g. my first profile picture on the club was from gravatar.com.

When I tried to change my password, I was directed to Wordpress.com. In that web site I successfully changed my password for gravatar.com and wordpress.com.

If I would hosted my website on wordpress.com, then my website could have been taken over.

emna_ayadi · 6 December 2021 11:16

Thanks for the info !

conrad.braam · 6 December 2021 11:48

oh damn I better try fix my gravatar password, it’s been my most awesome thing because every site is sign up for and use the same username it just “gravatrs” me automatically, which is so cool. A wonder they don’t make us pay for that.

han_toan_lim · 6 December 2021 13:02

I forgot to mention, that I got my email from https://haveibeenpwned.com, where I entered all my email addresses.

jesper · 6 December 2021 18:53

Additional Security for WP: two factor and 1Password

kristof · 7 December 2021 08:45

The only password you should remember! <3

mirza · 7 December 2021 15:23

User: admin
Password: admin
Leave the default admin login

majesticjondi · 8 December 2021 05:40

That was a breach from 2020, and was just names and emails – no passwords were compromised.

han_toan_lim · 8 December 2021 06:55

You are right that the Gravatar password was not retrieved.

My execuses to the community for a too hasty post.

kristof · 8 December 2021 07:45

Panic everywhere XD
No worries, we are all human!

conrad.braam · 8 December 2021 09:16

I had to check, because gravatar uses your email mailbox itself, an unusual security arrangement. I love it when simple “identity” actually works.

Topic		Replies	Views
Selenium on a server vs Local machine 🗄️ Archive security	0	400	4 February 2020
What all should be tested on a site after PHP/WordPress versions/plugins are updated? 🗒️ Site Updates & Feedback	2	138	11 January 2024
OWASP - ASVS: Forgot Password 🗄️ Archive security	2	923	15 September 2017
Abusing non unique email address as login 🗄️ Archive security	4	707	13 August 2019
Should you log a defect on a website you visit or join? 🗄️ Archive rant	6	1325	15 January 2018

Assuming all Wordpress users know

Related Topics