@thecodingdude actually LOOK at your WP-config file.
You’ll notice ‘DBPASS’ is stored as a one time hash?
Do you know what that means?
/** MySQL database password */
Why don’t you try it?
Since when does anyone have their wp-config file configured with the password stored as plain text such as:
I really don’t know if you’re being serious?
[Edit] I just got what you meant…
Why would you give someone your passwords in the first place? o0
The same reason people eat at McDonalds. Speed and price. Everybody knows it’s garbage, but people use it anyways.
And so it begins…
Up next: iOS vs. Android.
Thecodingdude saidThat’s how all php cms work, you need to set db password somewhere. If somebody has access to your filesystem then you’re just screwed and can’t really blame wordpress for that.
Remote exploits have been found in core files but much less frequently than other popular cms like joomla just to name one. The real problem are themes and plugins coded without any security check.