[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Fri Aug 16 10:57:49 UTC 2019


#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  reopened
 Priority:  normal                        |   Milestone:  Future Release
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------------

Comment (by paragoninitiativeenterprises):

 I would strongly recommend ''against'' removing the signature verification
 for core updates.

 Without signatures, WordPress is one 0wned server away from turning the
 entire installed base into a DDoS botnet capable of breaking the Internet
 backbone. Let's not return to that state, okay?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:98>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list