WordPress Configuration File Detected

Summary#

Invicti detected a possible WordPress configuration file.

Impact#

WordPress configuration files may often contain sensitive information such as database credentials.

Remediation#

The configuration file should be manually investigated to ensure that no sensitive information has been leaked. It should then be removed or made inaccessible. If the configuration file contained valid credentials, those should be changed immediately and any unauthorized access should be investigated.

Classifications#

ISO27001-A.18.1.3, PCI v3.2-6.5.8, OWASP 2013-A7, HIPAA-164.306(a), 164.308(a), CAPEC-87, WASC-34, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, CWE-425, OWASP 2017-A5

WordPress Configuration File Detected

Related Articles

Build your resistance to threats. And save hundreds of hours each month.