Like the blog? Get the book »

Host Header Injection Fix

On certain server setups, WordPress is vulnerable to an email interception attack. Basically WP uses the $_SERVER['SERVER_NAME'] variable for the "From" header in email notifications. On certain systems this can be exploited by an attacker to gain access to your site. This issue has been known about since WP 2.3, but nothing has been done about it. So I decided to write a plugin to fix it up.

Advertise Here

Sign up for the newsletter!

Never spam, only good stuff

Recent posts

Loading...

Random posts

Loading...
© 2009–2017 Digging Into WordPress Powered by WordPress Monzilla Media shapeSpace