Security issues - wp-config.txt shows up on search

1 replies
  • |
Not an issue with one of my sites, but I was just messing around and found this issue on another site, a personal blog. All the info was in there, password, username etc. I have no interest in messing with people's sites, but how much damage would it be possible to do with this info? You would be able to access the db remotely and mess with the content etc, but what else? I'd like to hear your thoughts on this. I'm asking because I run a computer company where I fix computers and network issues, and lately it have crossed my mind a couple of times to learn more about website and network security (which lead me to find this security hole in the blog to begin with).
#issues #search #security #shows #wpconfigtxt
  • Profile picture of the author Carlo Manf
    Hi Lars. Why was there a file called wp-config.txt? I guess it was a plugin generating it?

    With access to the database, I guess they'd be able to do all sorts of stuff – install malware, etc. Mind you, the passwords for accessing the wordpress admin area are stored as encrypted in the database.
    {{ DiscussionBoard.errors[9835778].message }}

Trending Topics