WordPress Source Code Exposed Online
Big reveal today: https://patchstack.com/articles/wordpress-source-code-exposed-online
This is probably a good time to export your WordPress sites as static HTML, for those of you who can. For the rest, consider blocking POST requests if your website doesn’t need them. For those that can do neither, good luck!
It’ll probably be years before the WordPress devs are able to recover from the constant barrage of vulnerabilities that will be discovered now. Expect that they’ll likely only fix them one at a time, reactively.
Comments
Time to ditch MXRoute.
If you got worried about this (yes you the viewer of this post), please come forward, say hi.
hehehe
I'm not worrying because I don't use bug-ridden WordPress.
However, I'm worried about VirmAche MIAZ011 outage.
My private Seafile instance is on this server.
I have backups, but the decryption key to the backups is stored in Seafile.
Hi
I was just about to ask why this is a big deal, but then I realized that today is ...
There is just one thing about the WordPress source code. It's the best anti-hackers tool there is. Any hacker looking into the WordPress source code will never want to get near a computer again.... (and rather become a shepherd in Nova Scotia).
So with the WordPress source code exposed, today is a great day for overall tech security.
Are you going to post this on your wordpress sites? It's pretty important information for everyone.
Thanks for wasting precious 60 seconds.
I'm moving all my wp blogs to web3.0-wp
For a second I thought journalism hit a new low by interviewing ChatGPT, but we will keep that for next year.
I genuinely wonder if something like this would be able to be successfully litigated. The only thing besides today's date that indicates this is a joke is the "Have a wonderful weekend and a happy April fools’ day." at the bottom of the article, and I guess the chatgpt nonsense.
If you wrote an article like this, which caused a chain reaction of clients leaving wordpress, or just the potential reputation damage, would they have grounds to litigate this under something like tortious interference?
Does a specific day of the year give you impunity to potentially damage a company's reputation?
Well, in this particular case, minimally, the closing "Have a wonderful weekend and a happy April fools' day", which includes a link to the corresponding Wikipedia page, would protect them legally
(Otherwise, as far as fools are concerned, there's not much one can do ...)
Would it? I think the only instances that would be free of liability would be explicit parody accounts.
Let's say CNN publishes an article on April 1, and the headline is, "Amazon services hit by ransomware, customer credit card details leaked." The intent is the same as here, to present a headline which causes some level of concern, and many people would react just based on that headline, overloading Amazon support/contacting their credit card provider, etc, and the way media is regurgitated automatically given the size of audiences, that could damage both Amazon's reputation, and cause a financial loss. I'm not sure if CNN would be protected there just because the article was intended as a joke for April fools.
Or another scenario, what if every year Microsoft published an article about how Google has been hacked to promote their own search engine/services? Seems like a solid way to tamper with/cause concern for the clientele of your competitors with impunity if April fools day legally waives all liability.
I'm genuinely not sure where this would fall.
@jar You had me in the first half..
At least this has a date. I generally hate April Fools' Day joke articles, as from tech companies at least, they often include some plausible elements, and when you accidentally find it in a search several years later it's not at all obvious that the "article" is supposed to be a "joke". Sometimes even on those that had a date, by then it's formatted as "2 years ago" or something else equally unhelpful.
Just to be clear, I'm not being overly critical of the author of this specific incident, it's funny. I'm just wondering about the legality surrounding publishing articles like this on this specific day.
To me, it seems like you could end up in court over something like this, even if the intent wasn't to damage the company's reputation or cause financial loss.
I don't think WordPress is going to sue this guy, but just considering the possibility of it should an April fools joke actually cause tangible damage to a company's reputation or financials.
I certainly agree that one could certainly move into a risky gray zone with a well-crafted, serious-sounding text
This is why companies tend to avoid posting April Fools' texts about other companies
In this particular case, I don't think that Patchstack is or would be at risk, but perhaps I'm mistaken about this. But it's amusing to see how ChatGPT was fooled as well
An additional twist is that this isn't a blog entry by a random guy somewhere but rather Patchstack, who specialize in WordPress security
All in all, it's rather ingenious
I didn't actually realise it was an individual that wrote it. As I read it on April 2nd anyway, I read the first paragraph and thought "Huh? I thought WP was open source, perhaps there's some compiled bit for authentication or something" and then stopped reading because I don't really have any interest in WP anyway.
Oh noooooo
Holycow! I START PANICKING!