Never, EVER leave any backups inside your domain document root! 🚩

I recently did a series of articles regarding Types of WordPress Malware Attacks and What They Do and this is just one example of a poor security practice that most people engage in.

For example, this Montenegrin website that can be found by Google Dorking has a backup of the wp-config.php file named c2onfig.txt

image 14 - Never, EVER leave any backups inside your domain document root! 🚩

If RemoteMySQL access is enabled, the login information in this file can be used to log into the database.

But no need to do that because this website also contains an uninstalled version of InfiniteWP. 🤦

image 15 - Never, EVER leave any backups inside your domain document root! 🚩

Therefore, you can install InfinityWP on the domain and manage this website as well as many others by using the MySQL login credentials from the residual backup of the configuration file.

Here are some simple methods to check if your WordPress website is also vulnerable to information disclosure: https://wpxss.com/wp-admin/what-is-data-breach-information-disclosure-and-how-to-prevent-wordpress-information-disclosure/#link-check-if-your-website-is-vulnerable

Was this post helpful?

Let me know if you liked the post. That’s the only way I can improve. 🙂

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Was this post helpful?

Leave a Comment Cancel reply