‘WordPress Security’ Category

WordPress Search Based DOS Attack

26 responses, by Jeff Chandler on January 1st, 2010, in WordPress Security

I was notified on Twitter the other day that there was a new 0 Day denial of service exploit for WordPress. When asking on Twitter if it worked, numerous people replied that the published code did work and was taking down their sites. This raised some red flags for me so I jumped into the WordPress-Dev IRC channel to figure out what was going on.
The way this denial of service attack works is that a random search string is sent to the search form of a WordPress based website. Caching plugins do not work against this because the search string is randomized. It’s quite simple but what I’ve been told is that this is not an issue for WordPress to handle. Instead, this attack should be dealt with by the webhost on a firewall level. At one point, a ticket was created by Scribu but has since been closed as [...]

[Continue Reading...]


Distributed WordPress Admin Account Cracking

12 responses, by Jeff Chandler on November 30th, 2009, in WordPress Security

Bojan Zdrnja has published a post on the SANS Internet Storm Center blog today highlighting a distributed WordPress admin account cracking script. The script was discovered by one of the site's readers on a virtual private server (VPS). The acquired script is written in PHP and performs brute force cracking attempts against WordPress admin accounts.
While this particular version is relatively simple, the power behind the script and the MySQL database allows the attacker to distribute the attacks not only by sites, but also by passwords tried as well.
The article goes into detail explaining how the script works and suggests the typical security precautions such as using strong passwords, changing the admin username and limiting the admin login page to only your IP address. Brute force attacks on WordPress are nothing new but it’s interesting to see this approach using a distributed technique.
Hat tip to WPVibe.

[Continue Reading...]


Watch Out For The Gumblar Botnet

6 responses, by Jeff Chandler on November 6th, 2009, in WordPress Security

According to the blog Unmask Parasites, there is a new version of the Gumblar botnet making the rounds on PHP based websites. Back in May of this year, this malicious botnet was responsible for infecting a large number of websites in a short period of time. This time around however, the Gumblar botnet has buggy code which is leading to a number of infected WordPress sites breaking.
WordPress is a complex web application that comprises more than 200 .php files. When you open any page, WordPress loads index.php which, in turn, loads many other .php files using the require() function. The WordPress admin interface also relies on multiple .php files. In all cases, WordPress loads the wp-config.php file, which contains database credentials and other important information required for normal operation.
So what happens if both index.php and wp-config.php are infected with the gumblar backdoor scripts? Since Gumblar injects identical backdoor scripts into files on [...]

[Continue Reading...]


Are You Responsible Enough To Run WordPress?

118 responses, by Jeff Chandler on September 12th, 2009, in WordPress Security

I’m pretty sure by now that you’ve heard about the worm attack on older versions of WordPress. In the trail of destruction, I’ve been reading quite a few blog posts regarding the attacks along with comments attached to those posts and quite honestly, I can’t believe some of the comments I’ve read. One of the most absurd comments I came across stated that upgrading was not an option for them. How on earth do you put yourself in a position where upgrading is not an option? Might as well just leave the door open so the bad guys can come in freely.
Unfortunately, the blame game has come back in full force, with those affected generally blaming WordPress, and those not affected blaming users who failed to upgrade in a timely fashion. The bottom line is, the issues that led to this worm attacking older versions of WordPress were fixed in [...]

[Continue Reading...]


Old WordPress version? Attack warning. Please upgrade!

42 responses, by Mark Ghosh on September 4th, 2009, in Blogging News, WordPress Security

Old WordPress Versions Under Attack: Older versions of WordPress are being attacked and characters are being added to the permalinks. Sure signs of the attack include strange characters in your permalinks (single posts do not work) and an extra administrator account in the users control panel which you cannot see. Look for the administrator count in brackets at the top. Is the number there what you would expect on your blog?
Please upgrade your WordPress blog to the latest version ASAP. Our own PluginBlog was vulnerable and was compromised (shame on me for not having upgraded from a really old version). Our blog had registration turned off.
After upgrading your blog and changing your password to a strong one, you can visit Lorelle’s post to find more ways to secure your install and remove the extra admin account that might have been created as part of the attack.
I removed the extra administrator [...]

[Continue Reading...]


The Correct Way To Report A Security Issue With WordPress

25 responses, by Jeff Chandler on August 12th, 2009, in WordPress Security

If you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advance warning regarding the vulnerability, but it was quickly patched in the core of WordPress for the next release. Unfortunately, word quickly spread and in fact, even my site WPTavern.com was affected by the problem, as I received an email letting me know what my new password was even though I didn’t request one. Here are the details regarding the annoyance:
a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very [...]

[Continue Reading...]


WordPress Version 2.8.3 Security Release

29 responses, by Richard Hay on August 3rd, 2009, in WordPress, WordPress Security

Weren’t we just talking about upgrading to the latest and greatest version of WordPress just yesterday?
Well today Ryan Boren has just posted at the WordPress.org blog about the release of the WordPress 2.8.3 Security Release. As he mentions in the posting, this fix is related to the privilege escalation issues in version 2.8.1.
What he says next is the real reason why WordPress is so popular and well supported:
Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.

Ryan is right – it is the community that looks after each other. Where else would you have such a diverse and talented group who points out any issues instead of just taking them public, even though it would draw a lot of attention and maybe fame for themselves? How easy might [...]

[Continue Reading...]


WordPress 2.8.2 Security Update

1 response, by Keith Dsouza on July 20th, 2009, in WordPress, WordPress Security

The WordPress team has released WordPress 2.8.2, which fixes an XSS vulnerability. This release fixes an issue with comment author URLs.

[Continue Reading...]


Security And Anti-spam Plugins For WordPress

44 responses

I did a post about an antivirus plugin for WordPress, and several users commented about different plugins that improve the security of WordPress, so I decided to sum up some of the plugins that provide security and comment spam protection for WordPress blogs.

[Continue Reading...]



Obviously Powered by WordPress. © 2003-2010 MidOut LLC
