Affected Versions:WordPress 2.8/WordPress MU 2.7.1Program introduction:
WordPress is a free forum Blog system.Vulnerability Analysis:
WordPress lacks permission check for the PHP module configured with the page parameter plug-in. If the non-privileged user uses admin in the request. php replaces options-general.php
–advanced
Wp-admin/edit-form.php: Defines the management page of the journal Simple Edit form management, including post.php. Reference: write–write Post
wp-admin/edit-form-comment.php: Edit specific journal comments.
wp-admin
A few days ago, I did not know how to perform operations on the server where wordpress is located. When I updated it today, all the menus in the background experienced error 404. This is because files are lost on the server. But I log on to the server and view all the background files. A few more links found that the wp-admin directory is not automatically added
In Nginx environment access sometimes access WordPress backstage will directly return the error. Carefully find the path is less wp-admin, the solution is simple to modify in the/usr/local/nginx/conf/wordpress.conf fileLocation/ {index index.html index.php; if (-F $request _filename/index.html) {rewrite (. *) $1break; if (-F $request _filename/index.php) {rewrite
Just have a customer's WordPress blog forgot the password, so the password modified by FTP modified, but the background entered the correct username and password submitted or not login, login address jump to the back is%2fwp-admin%2freauth=1For example: h/wp-login.php?redirect_to=http%3a%2f%2fwww.fengzx.com%2fblog%2fwp-admin
Affected Versions:WordPress 3.0.1 vulnerability description:Bugtraq id: 42440
WordPress is a free forum Blog system.
If the action parameter is set to delete-selected, WordPress does not properly filter and submit it to wp-admin/plugins. php's checked [0] parameter is returned to the user, which allows remote attacke
WordPress static Cache Plug-ins A lot, we now talk about a very common static cache plug-in WP Super cache basic use methods, including plug-in installation settings and deactivate the delete cache.The plugin in the WordPress background plugin Installation page, has been in the homepage recommended location, you know it is the official strongly recommended one of
Often hear friends asked: "How to identify the WP site", "How to view the topic of WP website", "How to Identify WordPress", "WordPress Theme Query" Today to say a wayThe original link: How to judge the site is not WordPress do and WP
and private key ssh specify.Delete Existing DataIf you ' re unsure whether access data already stored on WordPress, you can search the WordPress options in the database usi ng the following page on your website:http://example.org/wp-admin/options.phpThere should search for the Entry:ftp_credentialsIf This is present,
Error description: WordPress in the background version upgrade, error, after entering the foreground or backstage, are unable to access the entry, error message as follows:Warning:copy (/home/xxx/public_html/wordpress/wp-admin/menu.php) [Function.copy]: failed to open stream:permission Denied in/home/xxx/public_html/
Popular Wordpress analysis plug-in WP-Slimstat weak key and SQL Injection Vulnerability Analysis
The Web security enterprise Sucuri said on Tuesday that they found an SQL injection vulnerability in the latest Wordpress analysis plug-in WP-Slimstat, which allows attackers to perform SQL blind injection, to obtain sensi
;(9) Complete the installation at this point.Visit site (test):http://localhost/wordpress/ (the background login password is the application password entered during installation), go to the background page:650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/2B/wKioL1VBkX2B1H44AAJ2fByKuU4688.jpg "title=" 6.png " alt= "Wkiol1vbkx2b1h44aaj2fbykuu4688.jpg"/>Do you know:WordPress major changes to the file after installation:1.e:\xampp\apps Direct
WordPress uses the plug-in mechanism to provide great scalability for a basic CMS-based Blog system.
First, the interface between the WP plug-in and the file system is the WP-content/plugins folder. The main interface file can be directly placed in this folder. If there are many files involved, you can create another folder and put it in this folder, however, thi
Release date:Updated on:
Affected Systems:WordPress WP-Filebase Download Manager 0.3.0.03Description:--------------------------------------------------------------------------------WP-Filebase Download Manager is an advanced File Download Manager for WordPress.
WP-Filebase Download Manager 0.3.0.03 and other versions
also show your integrity.
We can use to modify the WordPress program XFN link Relationship to solve, the following describes how to give WP links to add nofollow properties of the specific operation:
First, find the site root directory: "meta-boxes.php" file, the specific path is: "/wp-admin/includes/meta-boxes.php.
Release date:Updated on:
Affected Systems:WordPress WP SlimStat Plugin 2.xDescription:--------------------------------------------------------------------------------WordPress WP SlimStat is a real-time Web analysis plug-in.WordPress WP SlimStat 2.8.4 and earlier versions do not properly filter
foreground
With the opposite function, just add an exclamation point ...
if (!is_admin ()) {Remove_action (' init ', ' _wp_admin_bar_init ');}Remove the spacing of the top tool bar 28px
Some blogs have a blank space in front of the top toolbar, which you can delete with the following code
function Remove_adminbar_margin () {$remove _adminbar_margin = ' ';echo $remove _adminbar_margin;}/* Wp-admin
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.