[wp-trac] [WordPress Trac] #52544: Removing database tables allows anyone to take over all website files

WordPress Trac noreply at wordpress.org
Tue Mar 30 11:29:28 UTC 2021


#52544: Removing database tables allows anyone to take over all website files
-----------------------------+------------------------------
 Reporter:  winternetstudio  |       Owner:  (none)
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  5.6.1
 Severity:  major            |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by m0ze):

 Replying to [comment:8 winternetstudio]:

 Your emotionality in this matter and an attempt to make a big problem out
 of it suggests that you're simply trying to absolve yourself of
 responsibility for your own mistake and for all subsequent consequences of
 this mistake. Like, "the problem isn't in our actions, but in the
 WordPress CMS". But no, it was exactly your mistake. The second mistake is
 that you didn't insure yourself in advance against further problems,
 which, rather, speaks of little experience with this engine, and looks
 like you don't want to learn the lesson from this situation.

 Just in case, let me remind you that WordPress has always been a compact
 basis for a blog, the functionality of which has been expanded due to
 plugins, hacks, etc. Over the past ~8 years, this engine has left the blog
 niche and has become extensively used in the development of various
 projects, but the essence remains the former is a minimal user-friendly
 framework that can be extended by plugins. Apparently, you didn't know
 this either, and you didn't install any plugins to hedge yourself against
 "accidents", right?

 Nobody said that this option is more or less important, but this doesn't
 mean in any way that it should be otherwise. Again, you are trying to
 create a huge issue where it doesn't exist, raising your personal case to
 an absolute. Your negative experience is the consequences of your
 ignorance and your actions (and inaction, in the case of dropped database
 tables). To be honest, I can hardly imagine how it's possible to drop
 tables (!) in a database of a working website, and leave it all in this
 form. Tell me at least how these tables were deleted? phpMyAdmin? Plugin?

 On the other hand, instead of learning a lesson from this situation, you
 start talking about how this is a huge security problem for the WordPress
 CMS, because there is practically no "foolproof". Strong logical skills
 over here, yes.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52544#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list