Posts Tagged ‘security’

WordPress 3.4.2 Released

13
responses
by
on
September 6th, 2012
in
WordPress, WordPress News

WordPress 3.4.2 has been released. Along with the security fixes, this release addresses almost 20 bugs, including better support for older browsers in the administration area and improved plugin compatibility with the visual editor. This is a security release, so it is recommended for all users. If you run into trouble with WordPress 3.4.2, stop by the master list of known issues and post to the support forums if your problem isn’t covered there.

[Continue Reading...]

Free eBook: Locking Down WordPress

9
responses
by
on
July 15th, 2012
in
WordPress, WordPress Security

The latest free WordPress eBook from Code Poet has arrived, Locking Down WordPress. This new eBook from Rachel Baker, Brad Williams, and John Ford, will show you how to secure your WordPress installation and take care of it when things get out of hand. Security should be one of your fore-most concerns with any website, and this eBook is free and available in PDF, EPUB, and Kindle formats, so get it while it’s hot!

[Continue Reading...]

WordPress 3.4.1 Released

16
responses
by
on
June 27th, 2012
in
WordPress, WordPress News

WordPress 3.4.1 has been released. Besides fixing a few security issues, this release fixes 18 other bugs, including issues with page template detection, category permalinks, and compatibility with certain server setups. At the time of the announcement, WordPress 3.4 had been downloaded 3 million times since its release two weeks ago! It’s a startling achievement, and as many folks often wait for the first point release, that is sure to continue growing now that 3.4.1 is out. This is a security release, so it is recommended for all users. If you run into trouble with WordPress 3.4.1, stop by the master list of known issues and post to the support forums if your problem isn’t covered there.

[Continue Reading...]

TimThumb Vulnerability Still in the Wild

5
responses
by
on
April 10th, 2012
in
WordPress

The TimThumb vulnerability is still in the wild as another major site fell victim to it just yesterday. As sad as this situation may be, it just goes to show that some sites may still be running the infected script even after news of the vulnerability broke over six months ago. Like the old saying, there’s no time like the present, and now is the perfect time to install and run the TimThumb Vulnerability Scanner and Exploit Scanner plugins. If you are at all confused by the results of either of these scanners, the kind folks at the WordPress Support Forums will be more than happy to help you.

[Continue Reading...]

WordPress Plugin Security Showdown

No
responses
by
on
September 17th, 2011
in
WordPress Plugins

It’s the weekend, time to work on your next WordPress plugin, but are you following the right security practices? At this year’s WordCamp San Francisco, core developers Mark Jaquith and Jon Cave, along with developer and author Brad Williams, covered some of the best security practices for plugin development and offered some real-life examples of just how easy it is to turn a world-class plugin into a crippling vulnerability. “One of the greatest things about WordPress plugins is they can do anything, and one of the most frightening things about WordPress plugins is they can do anything.” ~ Mark Jaquith

[Continue Reading...]

Easily Find and Fix Vulnerable Instances of TimThumb

2
responses
by
on
September 7th, 2011
in
WordPress, WordPress Security

If you’re worried about the recent TimThumb security vulnerability, but haven’t had a chance to see if you’re affected, identifying and fixing vulnerable instances of TimThumb just got a whole lot easier thanks to a new plugin from Peter Butler. Now, all you need to do is install and activate this plugin, run the scanner from the new Tools -> Timthumb Scanner section in your Dashboard, and click the Fix button to repair any vulnerabilities that are found.

[Continue Reading...]

TimThumb Security Vulnerability

6
responses

A zero day vulnerability has been found in TimThumb, a popular image resizing script used by several WordPress themes. The person who discovered the vulnerability has issued a fix and instructions to detect any lingering hacks. As described on the VaultPress blog, “The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.” The folks at Sucuri have constructed a great list of just a few affected WordPress themes, just to give you idea of how many themes use TimThumb. If your theme uses TimThumb, contact your theme author for an update immediately, or download the latest version if it has already been updated. If your theme author is not willing to offer an update, it’s probably time for a new theme, but you can also […]

[Continue Reading...]

WordPress 3.1.3 and 3.2 Beta 2 Released

5
responses
by
on
May 26th, 2011
in
WordPress, WordPress News

WordPress 3.1.3 and 3.2 Beta 2 have been released. Both releases include a number of security fixes and are recommended for all users. WordPress 3.2 Beta 2 also introduces support for Google Chrome Frame, an enhanced blue Dashboard color scheme, and a new version of jQuery. Don’t delay, upgrade today!™ And, if you run into problems, contact the WordPress Support Forums.

[Continue Reading...]

WordPress 3.1.2 Released

2
responses
by
on
April 26th, 2011
in
WordPress, WordPress News

WordPress 3.1.2 has been released and “addresses a vulnerability that allowed Contributor-level users to improperly publish posts,” while also fixing a few bugs. You should be able to upgrade automatically from the Dashboard -> Updates section of your blog’s Dashboard, but you can also upgrade manually if you run into trouble.

[Continue Reading...]



Obviously Powered by WordPress. © 2003-2013

css.php