ericktedeschi
Forum Replies Created
Forum: Plugins
In reply to: [User Security Tools] Plugin suggestions
Thanks for the suggestion and for using User Security Tools.
I’ll put them in my backlog for the next release. I’m also planning to add language support to make it easier.
Forum: Plugins
In reply to: [User Security Tools] [Plugin: User Security Tools] Password aging
Hi,
thanks,
I’m planning new features and a redesign of the UI.
The 2 features pointed out will be considered in the next version.
regards
Hi,
now supports both single site install and multisite install.
Since version 1.1 (02/17/2012)
Forum: Fixing WordPress
In reply to: Hacked by Hmei7
I think you can update the users table and leave the user_pass field blank for all users except your admin.
So, update the password of your admin:
update wp_users set user_pass = md5('new password') where ID = XXX;
Search for backdoors/malicious code mainly in plugins and themes.
Unfortunately, if the hacker used a vulnerability in some plugin or theme, the “door” may be open!
Forum: Hacks
In reply to: multisite settings page, saving data in db – can wp api handle this
The functions get_site_option, update_site_option, delete_site_option and add_site_option can be used to write settings valid across the whole network.
My plugin User Security Tools makes use of these functions. (http://ww.wp.xz.cn/extend/plugins/user-security-tools/)
These functions are in wp-include/functions.php
Forum: Hacks
In reply to: How my web site hacked even after hardened it?
Have you seen the Apache log?
If the hacker exploited your blog environment, he certainly left evidence in the log.
For example, when you delete a user, the URI in the Apache log looks like:
/wp-admin/users.php?action=delete&user=XXXX&_wpnonce=XXXXXXX
The same line of the log also has the ‘hacker’ IP.
And with this info you can find in the log what he did on your blog.
Forum: Hacks
In reply to: [Plugin: No More Passwords] Is this secure?
Hi,
I saw your code and would like to suggest some small improvements.
– I think that the link generated by the QR code could have a wp_nonce to protect against CSRF.
– Your plugin may be vulnerable to DoS, because of the time spent to query the DB, generate the QR code and render the page.
– One tip: You could replace the deprecated function get_userdatabylogin with get_user_by('login', $login). (line 41 version 0.1.1)
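
Added example, not part of any reply on this page: the access-log search described in the reply to "How my web site hacked even after hardened it?", written in Python. The log lines are constructed samples in Apache combined format with documentation-range IPs, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2012:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2012:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2012:10:02:30 +0000] "GET /wp-admin/users.php?action=delete&user=5&_wpnonce=abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2012:10:03:00 +0000] "GET /?p=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2012:10:04:11 +0000] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Client IP, timestamp, method, request URI and status of one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield one dict per parseable line; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def is_user_delete(uri):
    """True for /wp-admin/users.php requests carrying action=delete."""
    parts = urlsplit(uri)
    return (parts.path.endswith("/wp-admin/users.php")
            and "delete" in parse_qs(parts.query).get("action", []))

def trace_deleters(log_text):
    """Map each IP that requested a user deletion to all of its requests."""
    entries = list(parse(log_text))
    ips = {e["ip"] for e in entries if is_user_delete(e["uri"])}
    return {ip: [(e["time"], e["method"], e["uri"], e["status"])
                 for e in entries if e["ip"] == ip]
            for ip in ips}

if __name__ == "__main__":
    for ip, requests in trace_deleters(SAMPLE_LOG).items():
        print(ip)
        for req in requests:
            print("   ", *req)
```

The per-IP request list gives the timeline around the deletion, such as the login that preceded it and the admin pages visited afterwards.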