Another Linux lie: we have a CMS

Truth is, you have a putrid mess.

People are getting off WP, which is evident by the google searches for 'alternative to wordpress'. But this is not the point. The point is that WP has become a mess and enjoying it.

A customer calls. They checked their Apache logs and found out that, surprise, Google is searching for their secret login page that is hidden by a special plugin that they found and installed. So, they change the secret page address and keep monitoring. Next day, Google comes for the new address. And then Bing does too. And them more search engines show up, each trying to get the page. So, I bork their attempts with a custom .htaccess rewrite rule. They fuck off, and I proceed to analyze the logs to see what they might have done. This is scary!

Google went on, accessing the supposedly secret address, trying to bruteforce the login page by using a redirect parameter to each and every media file linked to the uploads section of the blog. Are search engines supposed to do that? Are security plugins supposed to leak secrets to ALL search engines in the visible universe? I hope that the answer is 'no'. Is it?

You would think that the developer of the security plugin should be interested in hearing about this vulnerability. You are wrong. They are indifferent to it to the point of totally ignoring the report and even by obviously sicking the WP moderator onto my customer, which is evident by their futher comments on the topic being HELD FOR MODERATION indefinitely. A cover-up in the making? You bet.

You would think that WordPress should be interested in learning about vulnerable plugins and in weeding them out of the flock. You are wrong. They are accomplices.

Do not bet your business or well-being on WrodPress: they are borderline criminal.

Posted by: LinuxLies at 06:46 AM | No Comments | Add Comment
Post contains 326 words, total size 2 kb.