WordPress博客的绝对路径泄露漏洞及修复方法
<p>某天用360的漏洞检测,总共用了56分钟才检测完。<br />检测结果如图:<br /><br /><img style="max-width:100%!important;height:auto!important;"alt="" src="https://zhuji.jb51.net/uploads/allimg/20250613/1-2506131HU2451.png" /><br />漏洞修复<br /><br />漏洞文件:(根据报警信息,修改这些文件,并不是每个人都一样)<br /><br />1、/wp-includes/registration-functions.php<br />2、/wp-admin/admin-functions.php<br /><br />修复方法一:在以上文件的的头部 error_reporting(0);<br /><br />修复方法二:找到/wp-includes/registration-functions.php文件将代码:<br /><br /> </p><p>复制代码</p>
<p>代码如下:</p>
<p><br />/**<br />* Deprecated. No longer needed.<br />*<br />* @package WordPress<br />*/<br />_deprecated_file( basename(__FILE__), ‘2.1’, null, __( ‘This file no longer needs to be included.’ ) );</p>
<p>全部改成:<br /> </p>
<p>复制代码</p>
<p>代码如下:</p>
<p><br />* Deprecated. No longer needed.<br />*<br />* @package WordPress<br />*/<br />@_deprecated_file( basename(__FILE__), ’2.1′, null, __( ’This file no longer needs to be included.’ ) );</p>
<p>修复方法三:进入PHP.INI禁用PHP报错。</p>
頁:
[1]