[wp-trac] [WordPress Trac] #52544: Removing database tables allows anyone to take over all website files
WordPress Trac
noreply at wordpress.org
Sun Mar 28 15:27:30 UTC 2021
#52544: Removing database tables allows anyone to take over all website files
-----------------------------+------------------------------
Reporter: winternetstudio | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.6.1
Severity: major | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by m0ze):
Replying to [ticket:52544 winternetstudio]:
> If one by mistake removes the WordPress' database tables but files are
left intact, a hacker or anyone can "install" WordPress again and do
whatever he wants. It's a bad design choice that puts WordPress
installations at additional risk.
If someone deleted the tables in a database and left everything in this
form, then this is a 100% human factor, which has a mediocre relationship
to WordPress.
The same can be said if a user with administrator privileges has the
password like "qwe123", then a hacker can easily gain access to the
administrative panel and take control of the entire site. This is not a
security issue of WordPress engine for sure, not to mention the fact that
this method was used for mass hacks many years ago, when users uploaded
the WordPress files to a home directory, but did not complete the
installation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52544#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list