Silly question, right? alas, i need a definite answer,
Here's the sitch:
We Built a site for a client who was using DreamHost as their provider, against our better judgement and advisement. The client used DreamHosts One-Button-Install of WordPress, 3.0 I believe.
In the rush to get the site done, the Authentication Keys and Salts in the wp-config.php were left as the default phrase, 'put your unique phrase here' or whatever.
It's my current understanding as per the WP Codex that these keys are used to add security to the users cookies.
Nevertheless, in about a month, for whatever reason the site's database just emptied. not the information_schema, just the entire WP tables. Also strange was that the DreamHost backups for that database were all empty as well.
The client called, we looked into it, but you can't call DreamHost, then the client found the default Auth Keys in place, and began sharpening pitchforks / lighting torches, etc.
So my Question is this, is it even possible to gain access to the database if you know that an authorization key is left at the default phrase?
I've conducted a thorough search, but alas uncovered nothing that explicitly states otherwise.
Thanks again Stack Overflow, for keeping me off the burning pyre.
wp-config. php is one of the core WordPress files. It contains information about the database, including the name, host (typically localhost), username, and password.
The wp-config. php file is usually located in the root folder of your website with other folders like /wp-content/. Once you have downloaded the wp-config. php file, you can make the appropriate changes then re-upload it to your web server.
They'd need to know the user and password of the database, and even then I'm pretty sure the Wordpress config default auth strings aren't human readable like 'put your unique phrase here' as in your example (from memory, I think that appears commented out on the line above), but are actually GUIDs. Therefore, unless Wordpress uses the same default GUIDs in every zip package, I wouldn't presume that is the culprit.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With