WordPress Security Hole: Plug It by Manually Installing Themes and Plugins

It's always bothered me how WordPress basically forces the user to provide their hosting credentials to install themes and plugins. How do you know for sure the data is not being saved, intercepted, and used to provide backdoor access to the NSA or other agencies, or even just being misused by others with access?

Here's how to close the security hole above. If you've already given WordPress your credentials, make sure you change everything associated with them: e.g. change your FTP username and password and your database password, and if the same login gives you access to your hosting account/control panel, you'll need to change all of your e-mail passwords too.

  1. Search for themes from their website directly.
  2. Download the theme to your computer and extract the zip file.
  3. Upload the extracted directory (via FTP or your host's upload tool) to the "wp-content/themes" directory for your domain on your hosting account.
  4. Activate it from your WordPress site.

Yes, the above takes a few extra steps, but it is well worth the peace of mind.
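Because steps 2 and 3 put the archive's contents straight onto your hosting account, it is worth inspecting the zip before extracting it. The following is an added example, not part of the original article: it rejects entries that would extract outside the target directory and confirms the archive holds one theme directory with a `style.css` carrying the `Theme Name:` header WordPress uses to recognize a theme. The function names and sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath


def check_theme_zip(data: bytes) -> str:
    """Return the theme's single top-level directory, or raise ValueError."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = {}
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            parts = PurePosixPath(name).parts
            # Entries that would land outside the extraction directory.
            if name.startswith("/") or ".." in parts or ":" in name:
                raise ValueError(f"unsafe path in archive: {info.filename!r}")
            if parts:
                entries[name] = info
        roots = {PurePosixPath(n).parts[0] for n in entries}
        if len(roots) != 1:
            raise ValueError(f"expected one top-level directory, found {sorted(roots)}")
        root = roots.pop()
        # WordPress identifies a theme by the header comment in its style.css.
        sheet = entries.get(f"{root}/style.css")
        if sheet is None:
            raise ValueError("no style.css in the theme directory")
        if "Theme Name:" not in zf.read(sheet).decode("utf-8", "replace"):
            raise ValueError("style.css has no 'Theme Name:' header")
        return root


def make_zip(files: dict) -> bytes:
    """Build an in-memory zip from {path: text}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()


# Constructed sample archives (not real themes).
GOOD = make_zip({"mytheme/style.css": "/*\nTheme Name: My Theme\n*/\n",
                 "mytheme/index.php": "<?php // template\n"})
BAD = make_zip({"mytheme/style.css": "/*\nTheme Name: My Theme\n*/\n",
                "../outside.txt": "constructed entry with a parent-directory path\n"})

if __name__ == "__main__":
    print(check_theme_zip(GOOD))
    try:
        check_theme_zip(BAD)
    except ValueError as err:
        print("rejected:", err)
```

For a real download, read the file with `open(path, "rb").read()` and pass the bytes to `check_theme_zip` before extracting.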
