Скачать или смотреть WPS Hide Login Updated to Fix Vulnerability via @martinibuster

Reported today on Search Engine Journal

For the full article visit: http://tracking.feedpress.it/link/139...

WPS Hide Login Updated to Fix Vulnerability

Popular WordPress security plugin, WPS Hide Login, was discovered to have a vulnerability. The vulnerability was immediately patched as soon as it was discovered.

The WordPress Vulnerability Database describes the update like this:

"fixed a vulnerability in version 1.5.4.2 and below that could allow an attacker to find and access the secret login page."

What Is the WPS Hide Login Vulnerability?

WPS Hide Login is a WordPress plugin that creates a secret admin login page. This prevents hackers from attacking the admin login page with a password guessing attack since the login page is hidden.

The vulnerability allows a hacker to cause the plugin to reveal the URL for the hidden page. A hacker can then begin the attack.

Versions 1.5.4.2 and Older Affected

This vulnerability affects plugin version 1.5.4.2. All users of the plugin are urged to update their plugin to version 1.5.5 right away.

How the Vulnerability Was Discovered

A web application firewall publisher, NinTechNet, discovered the vulnerability on January 20, 2020. They communicated the problem to the developers at WPS Hide Login who promptly closed the vulnerability the same day.

The NinTechNet.com published an account of the discovery after the plugin was updated.

WPS Hide Login Changelog

Every WordPress plugin communicates the contents of its updates through a formal log called a changelog. A web publisher can check the changelog from the WordPress plugin dashboard and decide whether an update is important or not.

Some updates can break a site so some admins may choose to not update unless it's for something critical.

Ideally, software makers should communicate how important and update is at the very least and at most just come out and say that it's patching a vulnerab