Re: [bitfolk] Security incident: Wordpress compromise

Author: Murray Crane
Date:  
To: users
Subject: Re: [bitfolk] Security incident: Wordpress compromise
Worth mentioning (as I just installed it myself) that for those of us
already familiar (and happy) with Google Authenticator, there's a free GA
plugin for WP that seems to work just fine in v3.5 -
http://wordpress.org/extend/plugins/google-authenticator/

Kind regards

Murray Crane


On 31 December 2012 16:05, Johnathon <kirrus@???> wrote:

> It's worth enabling two-factor auth if you can. There are paid
> services/plugins you can use; a pretty decent one is from Duo Security.
>
> Sent from my mobile, apologies for brevity.
>
> On 30 Dec 2012, at 23:47, Andy Smith <andy@???> wrote:
>
> > Hello,
> >
> > On Sun, Dec 30, 2012 at 11:41:34PM +0000, Ian wrote:
> >> Andy said:
> >>> Upon further investigation it appeared that around 30th November one
> >>> of the site's legitimate Wordpress admins had logged in from an
> >>> unexpected place (a Tor exit node) and had uploaded a PHP file which
> >>> appeared to enable full filesystem traversal, downloading of file
> >>> content, shell command execution as Apache user, etc.
> >>
> >> Is this something that was uploaded to the WordPress
> >> wp-content/upload directories or as a plugin / theme?
> >
> > It was uploaded as a plugin.
> >
> > Cheers,
> > Andy
> >
> > --
> > http://bitfolk.com/ -- No-nonsense VPS hosting
> > _______________________________________________
> > users mailing list
> > users@???
> > https://lists.bitfolk.com/mailman/listinfo/users
>
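
A log check for the pattern in the quoted report (an admin login from a Tor exit node followed by a plugin upload), as an added example that is not part of the original thread. It assumes Apache common/combined log format, WordPress installed at the web root, and an exit-node list obtained separately; the log lines and IP addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (documentation-range IPs, not values from the incident).
TOR_EXITS = {"203.0.113.7"}  # assumption: loaded from a Tor exit-node list
SAMPLE_LOG = """\
198.51.100.4 - - [01/Jan/2013:09:12:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [01/Jan/2013:09:13:40 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2013:21:02:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2013:21:04:55 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 7431
203.0.113.7 - - [01/Jan/2013:21:05:20 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 9000
"""

# ip, timestamp, method, path, status from a common/combined log line
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def suspicious_plugin_uploads(log_text, exit_nodes, window=timedelta(hours=1)):
    """Return (ip, login_time, upload_time) for each plugin upload sent from an
    exit-node IP within `window` of a successful login from that same IP."""
    last_login = {}
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # WordPress answers a successful login with a 302 redirect.
        if path.startswith("/wp-login.php") and status == "302":
            last_login[ip] = when
        # The admin "upload plugin" form posts to update.php?action=upload-plugin.
        elif path.startswith("/wp-admin/update.php") and "action=upload-plugin" in path:
            login = last_login.get(ip)
            if ip in exit_nodes and login and when - login <= window:
                hits.append((ip, login, when))
    return hits


if __name__ == "__main__":
    for ip, login, upload in suspicious_plugin_uploads(SAMPLE_LOG, TOR_EXITS):
        print(f"{ip}: login {login.isoformat()}, plugin upload {upload.isoformat()}")
```

The upload from 198.51.100.4 is not reported because that address is not in the exit-node set; replacing the set with "any IP not previously seen for this admin" is a stricter variant.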