Like the blog? Get the book »

Host Header Injection Fix

Posted by Jeff Starr on

On certain server setups, WordPress is vulnerable to an email interception attack. Basically WP uses the $_SERVER['SERVER_NAME'] variable for the “From” header in email notifications. On certain systems this can be exploited by an attacker to gain access to your site. This issue has been known about since WP 2.3, but nothing has been done about it. So I decided to write a plugin to fix it up.

Digging Into WordPress Version 6.5 “Like the blog? You’re gonna love our book.” WP 6.5

Search the site

Advertise Here
Advertise at DigWP.com

Sign up for the newsletter!

Never spam, only good stuff
Wizard's SQL Recipes for WordPress
Banhammer Pro

Categories

The Tao of WordPress

Recent posts

Loading...
Get More
USP Pro

Random posts

Loading...
Refresh
.htaccess made easy

Top Tags

WordPress Themes In Depth

Subscribe

Welcome

DigWP.com is home for the book, Digging Into WordPress, written by Chris Coyier and Jeff Starr. Here you will find lots of awesome free WordPress resources, themes, and techniques to improve your site. Check us out for high-quality tutorials, tricks, tips and much more.

Look around..
Code is poetry
© 2009–2024 Digging Into WordPress Powered by WordPress Monzilla Media shapeSpace