Wordpress Security Hole, Plug it by manually installing themes and plugins

It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins.  How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?

Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it.  Eg. change your ftp username and password, database password and if the same login gives you access to your hosting account/control panel you'll need to change all of your e-mail passwords too.

  1. Search for themes from their website directly.
  2. Download it to your computer, extract the zip file.
  3. FTP/Upload the extracted directory to your hosting account to the "wp-content/themes" directory for your domain.
  4. Activate it from your Wordpress

Yes the above takes a few extra steps but is well worth the peace of mind.

 


Tags:

wordpress, manually, installing, themes, pluginsit, user, hosting, credentials, install, plugins, intercepted, provided, backdoor, nsa, agencies, misused, associated, eg, ftp, username, password, database, login, panel, ll, passwords, website, download, extract, zip, upload, extracted, directory, quot, wp, content, domain, activate,

Latest Articles

  • Microsoft Teams Linux - Calendar Doesn't Work Missed Meetings!
  • Scanner not working in Linux Ubuntu Fedora Mint Debian over the network? Use sane-airscan!
  • How To Boot, Install and Run Windows 2000 on QEMU-KVM
  • bash cannot execute permission denied
  • Huion and Wacom Tablets How To Install in Linux Mint / Ubuntu and make the stylus work properly
  • ffmpeg how to cut certain parts of video out
  • ffmpeg how to concat and join two video clips
  • mencoder instead of ffmpeg to join or concatenate video files with different audio streams
  • Linux How To Stop Missing Drive from Halting Boot Process in fstab
  • How To Replace Audio Track of Video using ffmpeg
  • qemu-img convert formats vdi vmdk raw qcow2
  • Linux and Windows Dual Boot Crazy Time Issues
  • dynagen / dynamips 100% high CPU usage solution - how to set the idlepc value
  • How To Setup a Cisco CME (Cisco Manager Express) Virtual Router under Linux using dynamips and dynagen
  • Linux Mint Ubuntu Debian CentOS Dual Boot Install Issues
  • Linux Mint Ubuntu Debian Centos RHEL no sound solution
  • Linux Mint/Debian/Ubuntu/Centos Installer black grub screen and blank screen after trying to boot installer or main OS
  • Linux Mint Dual Boot Install Avoid Wiping our your Main C: drive /dev/sda MBR and EFI
  • QEMU-KVM soundhw deprecated how to enable sound in QEMU 4.x series
  • Virtualbox Error Cannot register the hard disk because a hard disk with UUID already exists solution