Archive for the ‘Security’ Category

Limit Comments moderation, part 2

Sunday, April 22nd, 2012


We have already discussed a couple of tricks to limit comments moderation in this post, and know how to hide comments moderation links and commands from the user. In this post we will see:
– how to show a user with the ‘Author’ role the comments from his own posts only;
– how to exclude unneeded views from the ‘Comments’ page, leaving just ‘Approved’, for example.


WordPress 3.3.2 Security Update

Sunday, April 22nd, 2012


WordPress has published version 3.3.2. It is a critical security update. According to the WordPress Developers Blog, three external libraries included in WordPress (Plupload, SWFUpload, SWFObject) received security updates. WordPress 3.3.2 also addresses:
– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can see the changes in the source code directly using this link.
If you haven’t installed this update yet, consider doing it right now. It’s very important to defend your lovely blog as much as possible.


WordPress 3.3.1 Security Update

Tuesday, January 3rd, 2012

WordPress 3.3.1 has been available since January 3rd, 2012. Version 3.3.1 is a security update and fixes 15 bugs. While I didn’t meet any bugs in version 3.3 myself (and you?), I updated my blogs as soon as I got the message that this security update (it fixes a cross-site scripting vulnerability that affected version 3.3) was available. The same is highly recommended for other WordPress blog owners.
Do not wait until hackers exploit an existing vulnerability: update your WordPress installation today, and do not allow bad guys to use old and already closed back doors to your sweet WordPress blog home.

For more information, see the official release notes.

Phishing email to steal PayPal account

Saturday, December 3rd, 2011

Phishing email - original image is iStockphoto.com/Dave Pilibosian


Checking email this morning, I got a warning about a change to my PayPal personal information. The first thought I was supposed to have: “Oh, my God! Someone compromised my PayPal account. I should go there and check, as fast as possible. Oh, I see a PayPal link right here in the email text. Click it, input login credentials to check my account…”. Could you have such thoughts in a similar situation? I think you could. Do not hurry. This is very important at such a moment: do not do stupid things. The scammer is waiting for you to go this way and act according to his scenario. Do not become a victim.
First of all, remember which email address your PayPal account is registered to, and look at which address received this message. A different one? Then do not worry about it. Investigate it together with me, just for pleasure, and delete it. Second, we should always check which address such a message was sent from. My email client shows ‘PayPal <support@pula.net>’. Is it from the paypal.com domain? No. Delete this message.


Ultimate Security Checker WordPress plugin review

Saturday, October 22nd, 2011



As a WordPress blog owner spending hours on its content, you should be concerned about your product’s security. Otherwise it’s possible to lose all that hard-earned content in a minute. There are a lot of malicious software bots and damn headless young crackers permanently trying to hack our blogs. And while it’s easy to restore the original content from a fresh backup copy (do you have one?), it’s more complex (if possible at all) to restore a lost reputation in case your blog was used as a spammer base or showed some bad content after a hack incident.
Are you sure that your beloved blog is secure?
The Ultimate Security Checker WordPress plugin is a tool which can check your blog for security issues and recommend how to fix them. At the time of this review, version 2.7.0 is available at the WordPress repository. I tested it successfully with WordPress versions 3.2.1 and 3.3 Beta. What does “Ultimate Security Checker” offer to its user?


Security Warning From WordPress Team

Wednesday, June 22nd, 2011



Hello, dear readers!
Let me spread the word from the WordPress team in case you don’t read the WordPress development blog. On June 21st, 2011, Matt Mullenweg published a post titled “Reset Password” on the WordPress development blog. You can read the full copy below or visit its original page.

“Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.


Lockdown WP Admin plugin review

Saturday, June 18th, 2011



“Lockdown WordPress Admin”, or “Lockdown WP Admin” for short, is one of the WordPress plugins concerned with security enhancement. You can find it in the WordPress repository. The plugin author is Sean Fisher. The latest version available at the time of writing this review is 1.6.
Let’s go step by step through what this plugin offers the WordPress administrator to make WordPress more secure.
First, “Lockdown WP Admin” hides the wp-admin directory from visitors who are not logged in. Such a visitor will get a 404 “page not found” HTTP error in the browser when requesting the http://yourblogdomain/wp-admin/ URL.
