Best online slot games real money in india,1xBet login download.Recharge Every day and Get Bonus up-to 50%!

wp-pass & wp-register – safe to delete?

dropshot — Thu, 28 May 2015 07:01:24 +0000

I found theese two files in the root of one install:

wp-pass.php
wp-register.php

I understand that those are old files that doesn’t belong to current WP-versions. Why aren’t those deleted when WordPress is updated?

Is it safe just to delete them?

Can anyone advise me?

wp-pass & wp-register – safe to delete?

dropshot — Tue, 26 May 2015 05:58:32 +0000

I found theese two files on one install:

wp-pass.php
wp-register.php

I understand that those are old files that doesn’t belong to current WP-versions. Why aren’t those deleted when WordPress is updated?

Is it safe just to delete them?

wp-pass.php, wp-register.php Out of Date – Is This Okay?

comeundone — Fri, 14 Jun 2013 23:17:00 +0000

Hi there,

I’m running the most recent version of WordPress. I’ve even tried hitting the ‘re-install now’ button on the updates page. Despite this, three PHP scripts (wp-app, wp-register, and wp-pass) are outdated. Checking via FTP, I can see these files haven’t been touched since 2012. All the other files are showing the last modified date as today. Is this correct? Should I (or can I) delete these files? Is there somewhere I can get a new/clean version of them without having to reinstall the whole site?

The reason I ask is because we’ve been hit by a hacker and I want to make sure these aren’t in any way malicious. The code in them looks benign, but it’s hard not to be paranoid after getting attacked, and the user did gain access by creating an ‘admin’ user and deleting every other user. He then modified our .htaccess file to point at a malicious script hidden behind license.html.

I think I’ve cleaned up everything else, but these outdated scripts are still giving me pause. Should I rest easy about them?

Clarifying wp-pass and wp-register questions – hacked

AlisonMooreSmith — Fri, 26 Oct 2012 19:29:25 +0000

I posted a question (item 2) in another thread. esmi responded that I needed to follow the advice in another thread about the hack and then closed the comments, so I can’t clarify there. :/

As I said in the second thread, I am following the advice she gave there. But the question in the thread linked above is a different question and I’m hoping for a response, so I can try to UNDERSTAND the problem as presented to me. I am working through those posts, but I want to understand and verify what I’ve been told and, hopefully, prevent this problem from happening again.

I’ll try to be more clear about my questions.

(1) Are wp-pass.php and wp-register.php files that only appear in older versions of WordPress? (I am using the current version on this multisite.)

(2) How would these files be “injected” into my root folder?

(3) What kind of security breach, if any, would these two folders introduce?

(4) Would setting permissions on these two files to 0 (or 000) remove the breach? (I was hacked again after I changed the settings.)

(5) I was told that removing the problematic files won’t solve the problem because “the perpetrators will just turn around and replace them getting past the current version of WordPress.” If a perpetrator can create files in my root folder, then how will changing permissions on those two files STOP them from creating files in my root folder.

Hope that clarifies what I’m trying to understand. Please rest assured, I am following the advice. I’m just trying to understand the issues.

wp-pass.php – wp-register.php hack vulnerability?

AlisonMooreSmith — Fri, 26 Oct 2012 17:25:49 +0000

My site has been hacked twice in the past month. HostGator informed me of this problem. In trying to work through this, I was given some info by a support person at WPMUDev (the creators of a number of plugins I use) on my multisite.

I can’t understand his responses and he seems not to understand my actual questions, so I’m hoping for a second opinion and or a different perspective so that I can work through this.

The support person said that two files in my install (wp-pass.php and wp-register.php) are old files that were “injected into [my] WordPress installation” and “are causing a security breach with unauthorized signups.”

He said that they do not exist in current WordPress installs (I am using the current version of WordPress, but they are still there) but that I can’t just delete them because “the perpetrators will just turn around and replace them getting past the current version of WordPress.”

Instead, he said that I need to set the permissions of those two files to 0 “so they cannot be overwritten and are rendered absolutely useless.”

(1) I followed his advice and the site was again hacked this week.

(2) If removed files can be replaced by someone else, then someone else has access to my root file. How does changing permissions on two files help if someone can create files in my root folder?

Change wp-postpass expiration duration

TheCosmonaut — Tue, 20 Jul 2010 05:26:41 +0000

The default duration for cookies set with wp-pass is 10 days. I want to be able to set it to just one day. How do I go about doing this? Of course, I can hack wp-pass and it’ll work just fine, but I’d like to have a more long-term solution (one that will last through updates).

I can’t see a hook or action that’ll do this, and it’s not in pluggable.php… Is there a solution?

Thanks in advance.

Private Page – redirects to dashboard on login

Mon, 19 Jan 2009 16:53:25 +0000

when creating a private page after being prompted for the password, when the password is incorrect the user is redirected to the user dashboard rather than the page log in

i have checked wp-pass and it is receiving the correct redirect path, but seems to be doing something strange.

even if i input the correct password i am forwarded to the admin user panel.

the site requires that users log in, just to access the site, is this log in interfering with the page log in? i do not get this result for private posts, only private pages…

TIA

Password protected posts/files

Mon, 16 Jun 2008 17:39:14 +0000

I’ve been lookind around all the documentation but haven’t really found much. Would really appreciate it if anybody can point me in the right direction.

Cheers

Wp-pass doesn’t redirect password protected posts

Fri, 03 Nov 2006 03:44:18 +0000

Wp-pass.php doesn’t redirect password protected posts.

That’s pretty much it. You put in the password, and you are taken to https://luve-me.net/wp-pass.php. You have to re-input the url to see the post.

How do you fix this. I’ve looked at pages upon pages here to try to find an answer, but I found nothing.