WP-phpmyadmin Plugin Poses a Huge Security Risk

Big surprise, right? Why in the world anybody would be using a plugin called WP-phpmyadmin is beyond me, but reports are our that many sites are being hacked through it. Formerly housed at wordpress.org/extend/plugins/wp-phpmyadmin/, this plugin has already been pulled from the WordPress repository. If for some reason you’re using this plugin, delete it now.

Today our tip is this; do not install plugins that expose server information. If you absolutely have to use a plugin like this for a quick one time task, (really I can’t imagine why this would be necessary), make sure to delete it once you’re finished.