WordPress installer creates security risk

WordPress installer creates security risk, Installer leaves out critical WP security measures (3 Replies, Read 3465 times)

erclerico	October 19, 2009, 7:59 pm
Group: Member Post Group: Newbie Posts: 2 Status:	Take a look at the wp-config.php when this install is complete - it leaves several key phrases used to secure encrypting to their default settings - for example: define('AUTH_KEY', 'put your unique phrase here'); Here is a code snippet from a bash script I developed for installing WP that installs secure pass phrases: Code curl http://api.wordpress.org/secret-key/1.1/ -o "secret_key.txt" TIC="'" sed -e 's/define('"${TIC}"'DB_NAME'"${TIC}"', '"${TIC}"'[[:alnum:]]'"${TIC}"')/define('"${TIC}"'DB_NAME'"${TIC}"', '"${TIC }${DB_NAME}${TIC}"')/g s/define('"${TIC}"'DB_USER'"${TIC}"', '"${TIC}"'[[:alnum:]]'"${TIC}"')/define('"${TIC}"'DB_USER'"${TIC}"', '"${TIC}${DB_US ER}${TIC}"')/g s/define('"${TIC}"'DB_PASSWORD'"${TIC}"', '"${TIC}"'[[:alnum:]]'"${TIC}"')/define('"${TIC}"'DB_PASSWORD'"${TIC}"', '"${TIC }${DB_PASSWORD}${TIC}"')/g s/define('"${TIC}"'DB_HOST'"${TIC}"', '"${TIC}"'[[:alnum:]]'"${TIC}"')/define('"${TIC}"'DB_HOST'"${TIC}"', '"${TIC}${DB_HO ST}${TIC}"')/g s/'"$(printf '\015')"'$//g s/$table_prefix = '"${TIC}"'wp_'"${TIC}"'/$table_prefix = '"${TIC}${TNAME}${TIC}"'/g /define('"${TIC}"'AUTH_KEY'"${TIC}"', '"${TIC}"'.'"${TIC}"');/ d /define('"${TIC}"'SECURE_AUTH_KEY'"${TIC}"', '"${TIC}"'.'"${TIC}"');/ d /define('"${TIC}"'LOGGED_IN_KEY'"${TIC}"', '"${TIC}"'.'"${TIC}"');/ d s/define('"${TIC}"'NONCE_KEY'"${TIC}"', '"${TIC}"'.'"${TIC}"');/WORDPRESS_KEYS/g /WORDPRESS_KEYS/{ r secret_key.txt d }' "public_html/wp-config-sample.php" > "public_html/wp-config.php" rm -f secret_key.txt I think you guys use perl - so I don't know how much this helps. Thank you. -Erin
IP: --

Users viewing this topic
	1 guests, 0 users.