Simple feelings about wordpress Security

Source: Internet
Author: User

Prepared to go to bed, before going to bed in the translation of the word around, found a friend of the translation of the blog, [url] http://www.thinkdap.com [/url], and then clicked to look at it. I accidentally found a login link in the lower right of the page and clicked it. . . So I lost a username and password, and I got it:
Then I tested the admin user name and got it again:

Have you found anything?
Yes, it is an error message. The first figure describes the username that I enter at will. The error message is displayed in detail, for fear that you do not know that you have used the wrong username. Then I tested it with admin. In the second figure, the error message is invalid password. What does this mean? Obviously, the admin user name is the Login User Name of the blogger. Haha. The password can be entered with a hacker dictionary and a cracking tool...
The wordpress error prompt is too detailed, but it is a vulnerability. Solution: 1. Do not display the login link on your blog page. 2. Modify the wordpress error message and do not display such a detailed error message.
This friend's blog also lists his gmail address, msn information and QQ number. So I clicked the forget password button and entered his gmail address. The mail was sent out correctly, this indicates that the login information of the blog is related to his gmail account. I also knew his QQ number, so I pretended to be a mm, and added his QQ number to chat with him. It was very easy to get some of his information and crack his blog password, you don't even need to use any brute force cracking software... This can also help to understand what is social engineering. This article is from the blog "{: Alex Space =>" Ruby Notes "}"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.