Silly question, right? Alas, I want an absolute answer.

Here's the sitch:

We built a website for a client who had been using DreamHost as his or her provider, against our better judgement and advisement. The customer used DreamHost's One-Button-Install of WordPress, 3. In my opinion.

In the hurry to get the site done, the Authentication Secrets and Salts within the wordpress-config.php were left as the default phrase, 'put your specific phrase here' or whatever.

It's my current understanding, according to the WordPress Codex, that these secrets are used to add security to the customer's cookies.

Nonetheless, within a month, for reasons unknown, the site's database just purged. Not the data_schema, only the entire WordPress tables. Also strange is that the DreamHost backup copies of the database were empty too.

The customer called, we investigated it, however, you can't call DreamHost. Then the client found the default Auth Secrets in place, and started maintenance pitchforks / lighting torches, etc.

So my real question is this: is it even possible to get into the database knowing that the authorization secret was left as the default phrase?

I have carried out a comprehensive search, but alas uncovered nothing that clearly states otherwise.

Many thanks, Stack Overflow, for keeping me from the burning pyre.

They'd have to know the user and password for the database, and even then I am confident the WordPress config default auth strings aren't human readable like 'put your specific phrase here' as with your example (from memory, I believe that seems said out at risk above), but are really GUIDs. Therefore, unless of course WordPress uses exactly the same default GUIDs in each and every zip package, I wouldn't presume that's the reason.
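
A defensive check related to the thread above, added here as an example and not part of the original question or answer: a Python audit of a wp-config.php for keys and salts that are missing, still set to the placeholder, too short, or reused. The eight constant names and the 'put your unique phrase here' placeholder are those of WordPress's wp-config-sample.php; the 32-character minimum, the function name and the sample file contents are assumptions constructed for this example.

```python
import re

# The eight key/salt constants from WordPress's wp-config-sample.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Stock placeholder, plus the wording quoted in the question.
PLACEHOLDERS = {"put your unique phrase here", "put your specific phrase here"}
MIN_LENGTH = 32  # assumed threshold for this example

# Matches uncommented define('NAME', 'value'); lines only.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""", re.MULTILINE)

def audit_wp_config(text):
    """Return {constant: problem} for every key or salt that needs replacing."""
    found = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    problems, seen = {}, {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value.strip().lower() in PLACEHOLDERS:
            problems[name] = "default placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            problems[name] = "duplicate of " + seen[value]
        else:
            seen[value] = name
    return problems

GOOD = "constructed-sample-value-" + "x" * 40  # constructed, not a real secret
SAMPLE = "\n".join([  # constructed wp-config.php fragment
    "<?php",
    "define('AUTH_KEY',        'put your unique phrase here');",
    "define('SECURE_AUTH_KEY', '%s');" % GOOD,
    "define('LOGGED_IN_KEY',   'short');",
    "define('NONCE_KEY',       '%s');" % GOOD,
    "// define('AUTH_SALT',    '%s');" % GOOD,
])

if __name__ == "__main__":
    for name, problem in audit_wp_config(SAMPLE).items():
        print("%-18s %s" % (name, problem))
```

Replacing any flagged value invalidates existing login cookies, so users have to log in again.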