It's worth enabling two-factor auth if you can. There are paid services/plugins you can use; a pretty decent one is from Duo Security.
Sent from my mobile, apologies for brevity.
On 30 Dec 2012, at 23:47, Andy Smith <andy(a)bitfolk.com> wrote:
Hello,
On Sun, Dec 30, 2012 at 11:41:34PM +0000, Ian wrote:
Andy said:
Upon further investigation it appeared that around 30th November one
of the site's legitimate WordPress admins had logged in from an
unexpected place (a Tor exit node) and had uploaded a PHP file which
appeared to enable full filesystem traversal, downloading of file
content, shell command execution as Apache user, etc.
Is this something that was uploaded to the WordPress
wp-content/upload directories or as a plugin / theme?
It was uploaded as a plugin.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users