Never, EVER leave any backups inside your domain document root! 🚩

I recently wrote a series of articles on Types of WordPress Malware Attacks and What They Do, and this is just one example of a poor security practice that most people engage in.

For example, this Montenegrin website, which can be found by Google dorking, has a backup of the wp-config.php file named c2onfig.txt.


If remote MySQL access is enabled, the login information in this file can be used to log into the database.

But there is no need to do that, because this website also contains an uninstalled version of InfiniteWP. 🤦


Therefore, anyone can install InfiniteWP on the domain using the MySQL login credentials from the leftover backup of the configuration file, and then manage this website as well as many others.


Here are some simple methods to check if your WordPress website is also vulnerable to information disclosure: https://wpxss.com/wp-admin/what-is-data-breach-information-disclosure-and-how-to-prevent-wordpress-information-disclosure/#link-check-if-your-website-is-vulnerable
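
One way to audit your own document root for the problem described above, as an added example that is not part of the original post: it flags any non-PHP file that contains a WordPress `DB_PASSWORD` define, plus files with common backup extensions. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The credential line WordPress keeps in wp-config.php.
DB_DEFINE = re.compile(rb"define\(\s*['\"]DB_PASSWORD['\"]")
# Assumed list of archive/dump extensions; extend for your environment.
BACKUP_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".sql.gz", ".bak", ".old")


def find_exposed_backups(docroot):
    """Return sorted (relative_path, reason) pairs for files under docroot
    that a web server would send as-is instead of executing."""
    findings = []
    for path in Path(docroot).rglob("*"):
        name = path.name.lower()
        # Assumption: *.php is run by the PHP handler, so its source is not served.
        if not path.is_file() or name.endswith(".php"):
            continue
        rel = path.relative_to(docroot).as_posix()
        with path.open("rb") as fh:
            head = fh.read(65536)  # the DB_* defines sit near the top
        if DB_DEFINE.search(head):
            findings.append((rel, "contains DB_PASSWORD define"))
        elif name.endswith(BACKUP_EXT):
            findings.append((rel, "backup/archive extension"))
    return sorted(findings)


def demo():
    """Scan a constructed document root (sample files are made up)."""
    config = b"<?php\ndefine( 'DB_PASSWORD', 'constructed-value' );\n"
    samples = {
        "wp-config.php": config,       # live file, executed by PHP
        "c2onfig.txt": config,         # text copy, as in the post
        "wp-config.php.bak": config,   # manual backup
        "old/site.sql": b"-- constructed dump\n",
        "index.html": b"<h1>hello</h1>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return find_exposed_backups(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Call `find_exposed_backups()` on your real document root; anything it reports should be moved outside the web root or deleted, and the database password rotated if the file was ever reachable.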
