[wp-trac] [WordPress Trac] #52544: Removing database tables allows anyone to take over all website files
WordPress Trac
noreply at wordpress.org
Tue Mar 30 11:29:28 UTC 2021
#52544: Removing database tables allows anyone to take over all website files
-----------------------------+------------------------------
Reporter: winternetstudio | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.6.1
Severity: major | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by m0ze):
Replying to [comment:8 winternetstudio]:
Your emotionality in this matter and an attempt to make a big problem out
of it suggests that you're simply trying to absolve yourself of
responsibility for your own mistake and for all subsequent consequences of
this mistake. Like, "the problem isn't in our actions, but in the
WordPress CMS". But no, it was exactly your mistake. The second mistake is
that you didn't insure yourself in advance against further problems,
which, rather, speaks of little experience with this engine, and looks
like you don't want to learn the lesson from this situation.
Just in case, let me remind you that WordPress has always been a compact
basis for a blog, the functionality of which has been expanded due to
plugins, hacks, etc. Over the past ~8 years, this engine has left the blog
niche and has become extensively used in the development of various
projects, but the essence remains the former is a minimal user-friendly
framework that can be extended by plugins. Apparently, you didn't know
this either, and you didn't install any plugins to hedge yourself against
"accidents", right?
Nobody said that this option is more or less important, but this doesn't
mean in any way that it should be otherwise. Again, you are trying to
create a huge issue where it doesn't exist, raising your personal case to
an absolute. Your negative experience is the consequences of your
ignorance and your actions (and inaction, in the case of dropped database
tables). To be honest, I can hardly imagine how it's possible to drop
tables (!) in a database of a working website, and leave it all in this
form. Tell me at least how these tables were deleted? phpMyAdmin? Plugin?
On the other hand, instead of learning a lesson from this situation, you
start talking about how this is a huge security problem for the WordPress
CMS, because there is practically no "foolproof". Strong logical skills
over here, yes.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52544#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list