WordPress - Arbitrary File Deletion Flaw
Published: June 28, 2018
WordPress Security, Arbitrary File Deletion Flaw.
What does that mean to you?
If you are using WordPress, you may have received an email talking about the Arbitrary File Deletion Flaw.
In simple terms, this is what it means to you.
Criminal hackers could potentially take over your website under certain circumstances.
This sounds scary, and it is but the hackers can only do this if they already have a user account on the WordPress site and
have the user role of at least Author with the ability to upload media attachments.
An oversight at WordPress then allows these people to delete files from your WordPress website and potentially damage the site or even take over.
If the hacker deletes the wp-config.php file, they could easily take over the site and lock you out.
WordPress will fix this exploit in the next update to be sure.
What can you do?
Using your FTP client or your hosting file manager, you can alter the file permissions from 755 to 555.
You can do this for all the files and folders in WordPress except:
root -> wp-content -> uploads
By locking down your websites files and folders, it will take away the hackers ability to delete files from your website.
If you don't know what that means, contact a WordPress Security Expert.
Contact us at the computer geek, we will help you secure your website so you can sleep better at night.