Wordpress Security Hole, Plug it by manually installing themes and plugins

It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins.  How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?

Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it.  Eg. change your ftp username and password, database password and if the same login gives you access to your hosting account/control panel you'll need to change all of your e-mail passwords too.

  1. Search for themes from their website directly.
  2. Download it to your computer, extract the zip file.
  3. FTP/Upload the extracted directory to your hosting account to the "wp-content/themes" directory for your domain.
  4. Activate it from your Wordpress

Yes the above takes a few extra steps but is well worth the peace of mind.

 


Tags:

wordpress, manually, installing, themes, pluginsit, user, hosting, credentials, install, plugins, intercepted, provided, backdoor, nsa, agencies, misused, associated, eg, ftp, username, password, database, login, panel, ll, passwords, website, download, extract, zip, upload, extracted, directory, quot, wp, content, domain, activate,

Latest Articles

  • ImageMagick Convert PDF Not Authorized
  • ImageMagick Converted PDF to JPEG some files have a black background solution
  • Linux Mint Mate Customize the Lock screen messages and hide username and real name
  • Ubuntu/Gnome/Mint/Centos How To Take a partial screenshot
  • ssh how to verify your host key / avoid MIM attacks
  • Cisco IP Phone CP-8845 8800/8900 Series How To Reset To Factory Settings Instructions
  • ls how to list ONLY directories
  • How to encrypt your SSH private key file id_rsa
  • Linux Mint 18 Disable User Name List from showing on Login Screen
  • Firefox Cannot Hit Enter Key In Address Bar and Location History Not Working
  • Cisco Unified Communications Manager / CUCM IP 8.6,10,12 Install Error Solution
  • Ubuntu Debian Mint Linux SSHD OpenSSH Server Not Starting After Reboot Solution
  • nmap how to scan for all ports and not just the 1000 most common ports
  • Windows 7,8,10 and Server 2008, 2012, 2016, 2019 Read Only Attribute Won't Go Away
  • bind / named how to make a wildcard record and retain defined A records
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM
  • Local Vs Universally Administered MAC Address NIC Refuses to come up
  • Cisco Unified Communications Manager 12 CUCM 12 - How To Enable Video Calling
  • Windows 7, 8, 10, Windows Server 2008, 2012, 2016, 2019 How To AC97 Audio Drivers and Other Unsigned Drivers
  • Cisco Unified Communications Manager / CUCM IP Telephony Definitions