Posted by Torque Mag on July 25, 2022 at 12:27 pm
WordPress is known for its ease of installation, generally taking five minutes or less. But there’s a considerable risk involved in manually installing it on a web host. Earlier this month, Vladimir Smitka, a security researcher from the Czech Republic, highlighted the risk in detail. Upon sharing the article on Twitter, I noticed quite a few people who exclaimed that they had no idea about this attack vector, myself included.

Most web hosts create an SSL certificate when setting up an account, and the certificates become public knowledge. Attackers can use the Certificate Transparency Log to detect new entries and target new WordPress installations. Between the time of uploading files to the web host and completing the WordPress installation, attackers can compromise a site by configuring it to install into a database of their choosing with credentials they know.

It can happen so fast that site administrators who are never asked for database details during the install can mistakenly assume the web host entered them on their behalf. At this point, the attacker has full access to the site and can log in at will as an administrator or perform various harmful actions. Smitka set up a honeypot to monitor what…
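One way a site owner can check for the race described above, as an added example that is not from the original article or from Smitka's research: scan the web server access log for installer requests from addresses other than their own. The log lines, the admin address and the function names are constructed for illustration; `setup-config.php` and `install.php` are WordPress core's installer endpoints.

```python
import re
from collections import defaultdict

# WordPress installer endpoints; only the site owner should ever reach them.
INSTALLER = re.compile(r"^/wp-admin/(setup-config|install)\.php(?:\?(.*))?$")
# Minimal parser for Apache/nginx "combined" access-log lines.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def installer_hits(lines, admin_ips):
    """Map each non-admin client IP to its installer requests.

    admin_ips is an assumption: addresses the operator installs from."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        ep = INSTALLER.match(path)
        if ep and ip not in admin_ips:
            hits[ip].append((ts, method, ep.group(1), ep.group(2) or "", int(status)))
    return dict(hits)

def submitted_install(hits):
    """IPs that POSTed step=2 (the form submission that writes wp-config.php
    or creates the admin user) and were not rejected by the server."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and "step=2" in query and status < 400
                         for _, meth, _, query, status in reqs))

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Jul/2022:12:00:01 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Jul/2022:12:00:03 +0000] "GET /wp-admin/setup-config.php?step=1 HTTP/1.1" 200 4511 "-" "python-requests/2.28"
203.0.113.50 - - [25/Jul/2022:12:00:04 +0000] "POST /wp-admin/setup-config.php?step=2 HTTP/1.1" 200 1873 "-" "python-requests/2.28"
203.0.113.50 - - [25/Jul/2022:12:00:05 +0000] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 2954 "-" "python-requests/2.28"
192.0.2.9 - - [25/Jul/2022:12:00:09 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 1200 "-" "curl/7.84"
198.51.100.7 - - [25/Jul/2022:12:04:40 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 1410 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    hits = installer_hits(SAMPLE_LOG, admin_ips={"198.51.100.7"})
    for ip in submitted_install(hits):
        print(f"{ip} submitted an installer step from a non-admin address:")
        for ts, method, endpoint, query, status in hits[ip]:
            print(f"  [{ts}] {method} {endpoint}.php?{query} -> {status}")
```

A flagged address means the existing `wp-config.php` and administrator account should be treated as untrusted and the site reinstalled from clean files.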

