Wordpress Security Hole, Plug it by manually installing themes and plugins

It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins.  How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?

Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it.  Eg. change your ftp username and password, database password and if the same login gives you access to your hosting account/control panel you'll need to change all of your e-mail passwords too.

  1. Search for themes from their website directly.
  2. Download it to your computer, extract the zip file.
  3. FTP/Upload the extracted directory to your hosting account to the "wp-content/themes" directory for your domain.
  4. Activate it from your Wordpress

Yes the above takes a few extra steps but is well worth the peace of mind.

 


Tags:

wordpress, manually, installing, themes, pluginsit, user, hosting, credentials, install, plugins, intercepted, provided, backdoor, nsa, agencies, misused, associated, eg, ftp, username, password, database, login, panel, ll, passwords, website, download, extract, zip, upload, extracted, directory, quot, wp, content, domain, activate,

Latest Articles

  • How to install gns3 on Linux Ubuntu Mint
  • How to convert audio for Asterisk .wav format
  • Using Cisco CME Router with Asterisk as a dial-peer
  • Cisco CME How To Configure SIP Trunk VOIP
  • Virtualbox host Only Network Error Failed to save host network interface parameter - Cannot change gateway IP of host only network
  • Cisco CME and C7200 Router Testing and Learning Environment on Ubuntu 20+ Setup Tutorial Guide
  • Abusive IP ranges blacklist
  • How to Install Any OS on a Physical Drive from Windows Using VMware Workstation (Linux, Windows, BSD)
  • CDN Cloudflare how to set and preserve the real IP of the client without modifying application code on Apache
  • CentOS 7 fix Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was 14: curl#6 -
  • Ubuntu Debian How To Install Recommended Packages Automatically
  • How to set Linux Ubuntu Redhat Debian Command Line http https socks proxy for yum apt
  • How to resize a pdf without losing much quality in Linux Mint Ubuntu Debian Redhat Solution
  • qemu: could not load PC BIOS 'bios-256k.bin' solution
  • Proxmox How To Custom Partition During Install
  • Hyper-V Linux VM Boots to Black Screen, Storage, NIC Not Found Issues
  • Ubuntu Mint How to Fix Missing/Broken /dev and /dev/pts which causes terminal to immediately close exit and not work
  • How high can a Xeon CPU get?
  • bash fix PATH environment variable "command not found" solution
  • Ubuntu Linux Mint Debian Redhat Youtube Cannot Play HD or 4K videos, dropped frames or high CPU usage with Nvidia or AMD Driver