Running a server can be difficult and it is very easy to leak important credentials. Much easier than you want it to be. I ended up leaking a dangerous file from one of the WordPress websites I manage, named ‘wp-config.php.save’ to the public internet. It contained passwords to the site database, cookie keys and cookie salts. This created a couple issues, namely the fact that anyone who could access the database server could have had full write permissions. There are a couple reasons why I don’t think this happened, and most of them are due to great default protection by Azure, so I got extremely lucky. I am going to dive in to the events leading up to the incident and then what I did to resolve it.

The moral of this story is don’t trust client side analytics.

I enable uBlock Origin (a tracking/ad blocker) on ethohampton.com. Seriously, on my own website. I don’t even have ads that I might need to block. So why, you might ask don’t I have my own domain on my unblocked list?