WordPress is pretty secure, and updates are released periodically to fix loopholes; to stay safe, always upgrade to the latest version of the software as soon as it is available.
Weren’t we just talking about upgrading to the latest and greatest version of WordPress just yesterday?
Well, today Ryan Boren posted at the WordPress.org blog about the WordPress 2.8.3 Security Release. As he mentions in the post, this release addresses the privilege escalation issues that the 2.8.1 fix did not fully close.
What he says next is the real reason why WordPress is so popular and well supported:
Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3.
Ryan is right – it is the community that looks after each other. Where else would you find such a diverse and talented group who point out issues privately instead of just taking them public, even though going public would draw a lot of attention and maybe fame for themselves? How easy might [...]
Mark Jaquith recently posted over at the WordPress.org blog that the WordPress 2.0.x Legacy Branch is Deprecated – in other words, retired and no longer supported for the most important aspect: security updates. It had gotten a little long in the tooth, as it was published back in late December 2005.
However, WordPress 2.0 was revolutionary in many ways. Think back to WordPress 2.0 and how that changed WordPress as we knew it at the time. Some of those changes we now take for granted included:
Completely Redesigned Backend
Included Spam and Backup Plugins
Inline Uploading
Faster Posting
Post Preview
User Roles labelled
Header Customization
WordPress 2.0 certainly set us on the path to the WordPress we know and love today. Congratulations 2.0 on a terrific service life – rest in peace “Duke”.
Time For An Upgrade?
What does this mean for you as an individual blogger, website developer or site admin? Well the first thing it means in my [...]
I did a post on an Antivirus plugin for WordPress, and several users commented about different plugins that improve the security of WordPress, so I decided to sum up some of the plugins that provide security and comment-spam protection for WordPress blogs.
Antivirus for WordPress is a useful plugin that scans your theme templates and can also monitor them daily for malicious code injected into the themes.
Like most of you, I have experimented with many WordPress plugins. I have seen a lot of great plugins and also a lot of bad ones. I am a bit of a WordPress plugin developer myself, and I admit that I borrow many ideas from other good WordPress plugins. From that experience I have consolidated these good ideas into a checklist that you can follow when reviewing or coding a new WordPress plugin. Here are my picks of the top characteristics that make a great WordPress plugin.
10. Easy Installation
I have seen plugins that require you to modify code after plugin activation to be able to get it to work properly. The instructions were documented clearly in the readme.txt file, but most of the users seem to have missed it (I could tell from the frustration in the plugin support thread). Not everybody reads the [...]
Many sites across the blogosphere are reporting a fake website that is distributing a backdoored version of WordPress. Though these are few and far between, it behooves all users to be careful when downloading any kind of code to run on their blog. The Register report contains an update from Peter Westwood (a WordPress lead dev) about the code being distributed and his suggestions on how to avoid being duped. The fake site is down now, but if you believe that you might have been a victim of it, please download a fresh copy of WordPress from WordPress.org and upgrade your blog to be safe.
I personally follow a few simple rules to make sure that I never fall for a social engineering or covert code trap on my blogs.
Always download core WordPress code from http://WordPress.org. Type the link into your browser address bar rather than following a link [...]
WordPress 2.6.2: This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL column truncation and the weaknesses of mt_rand(). The issue that forced the release is discussed in detail on the WordPress.org blog post linked above. In short, unless MySQL runs in strict mode it silently truncates values that are longer than the column, so a crafted username can pass an exact-match uniqueness check and still be stored as an existing login. The attack is complex and depends on open registration being turned on in your blog; it can be executed in theory, but turns out to be more of an annoyance than an actual exploit.
If you have open registration on your blog, the WordPress.org team recommends that you upgrade your install to WordPress 2.6.2. A handful of other fixes are also included in this upgrade. Here is a list of changed files.
S@BUN is at it again, this time, reporting multiple SQL Injection Vulnerabilities within the Photo Album plugin for WordPress. According to the security bulletin:
Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks.
Multiple security advisory services place this round of vulnerabilities at Moderate Risk. For example, FrSIRT describes Moderate risk as:
Remotely and locally exploitable flaws, which could lead to denial of Service or privilege escalation.
Versions 1.1 and prior of this plugin are vulnerable. As always, it is recommended that you disable this plugin until a patch for it is released.
[EDIT] Version 1.1 is a [...]
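To see why an unvalidated "photo" parameter is a problem, here is an added example (my own illustration for this post, not the Photo Album plugin's actual code) that runs a hypothetical lookup two ways against an in-memory SQLite table: once by concatenating the request value into the query, once by casting it to an integer and binding it. The table name, rows and attacker payload are all constructed for the demo. In a real plugin the second form is what `$wpdb->prepare( "... WHERE id = %d", $photo )` gives you.

```python
"""Vulnerable versus parameterised lookup of a photo name.

Added example for this post; the table, data and function names are
constructed here and are not the plugin's code.  SQLite stands in for
MySQL because the injection mechanics are the same.
"""
import sqlite3

# Constructed attacker value for the 'photo' request parameter.
PAYLOAD = "1 OR 1=1"


def make_db():
    """In-memory stand-in for a photo table, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_wppa_photos (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_wppa_photos VALUES (?, ?, ?)",
        [(1, "Sunset", "alice"), (2, "Harbour", "bob"), (3, "Private", "carol")],
    )
    return conn


def photo_names_vulnerable(conn, photo):
    """Concatenates the raw parameter into the SQL, as an unpatched
    handler might; whatever the user sends becomes part of the query."""
    sql = "SELECT name FROM wp_wppa_photos WHERE id = " + photo
    return [row[0] for row in conn.execute(sql)]


def photo_names_safe(conn, photo):
    """Casts to int first (the WordPress idiom is intval() or %d in
    $wpdb->prepare()) and binds the value, so only a number reaches SQL."""
    try:
        photo_id = int(photo)
    except (TypeError, ValueError):
        return []  # reject anything that is not a plain integer id
    rows = conn.execute(
        "SELECT name FROM wp_wppa_photos WHERE id = ?", (photo_id,)
    )
    return [row[0] for row in rows]


def demo():
    """Run both handlers with an honest id and with the injection payload."""
    conn = make_db()
    return {
        "honest_vulnerable": photo_names_vulnerable(conn, "2"),
        "attack_vulnerable": photo_names_vulnerable(conn, PAYLOAD),
        "honest_safe": photo_names_safe(conn, "2"),
        "attack_safe": photo_names_safe(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(f"{label:18} {names}")
```

The honest request returns the same single row either way; the payload makes the concatenated version dump every photo, including one the caller should never have seen, while the bound version returns nothing at all. Disabling the plugin until it is patched is still the right call, because the fix has to happen inside the plugin's own queries.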