Y
Hacker News
new
|
ask
|
show
|
jobs
by
zener79
3221 days ago
> it allows you to not update immediately to patch a vulnerability, because the site is not the one publicly accessed?
Exactly. You can never update a vulnerable plugin if you don't want to.
1 comments
stephenr
3221 days ago
Right. Doesn't this just make your "admin" site the target then?
link
zener79
3221 days ago
The "admin" lives in a random-generated subdomain, is basic-auth protected and is alive only for the time needed for the editor to make the changes through the dashboard. For the rest of the time WordPress simply doesn't exist.
link
spleenteo
3219 days ago
brilliant
link