Posts Tagged ‘plugins’

Newer Entries »

Login LockDown WordPress plugin Review

Saturday, September 19th, 2009

WordPress Plugin Review

WordPress Plugin Review

This review is made for Login LockDown v.1.5 WordPress plugin.
Date of review: 19th September 2009
Rating: 4.0
Author profile: Michael VanDeMar
WordPress plugin directory link: Login LockDown

According to author’s description Login LockDown WordPress plugin adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Plugin records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that IP range. This helps to prevent brute force password discovery.
After testing and using it on live site I confirm that Login LockDown WordPress plugin really has functionality declared by its author. But plugin has some security and usability issues.

Read the rest of this entry

Tags: , ,
Posted in Security, WordPress | 21 Comments »

Is new installed WordPress plugin package clean?

Saturday, August 29th, 2009

Security

Security


In this post I wish to talk about cleanness of WordPress plugin’s packages. I name package clean if it doesn’t contain any unnecessary files inside. Unnecessary files together with garbage issue can lead to the real security problem. Let’s take my last download as an example. It is a well known WordPress plugin WP-Forum produced by Fredrik Fahlstad. In case if somebody is new to this plugin, this is the simple discussion forum plugin for WordPress. You can download this plugin from Frederik site http://fahlstad.se/wordpress/plugins/wp-forum/.
I went to the plugin’s home page http://www.fahlstad.se/wp-plugins/wp-forum/ and downloaded a 2.4 version installation package.
Inside this package .zip file in addition to core plugin code files we can see:

Read the rest of this entry

Tags: , , ,
Posted in Security, WordPress | No Comments »

Silence is golden

Friday, August 28th, 2009

Silence is golden

Silence is golden


Is your new WordPress plugin secure? Did you see the small 30 byte size only index.php file in such WordPress folders as wp-content, wp-content/themes? It is placed there by WordPress developers for the security reason. The explanation is obvious: if somebody input in his browser the URL like
http://www.yourblog.com/wp-content/plugins/
he could not see the full folder content, its subfolders and files list. Of course there are some other methods to hide directory list from visitors, for example it can be done with .htaccess directive but this (empty index.php file) way is the most simple and straightforward one.
Some of WordPress plugins developers ignore this issue and don’t put such empty index.php file into theirs plugins folders and subfolders.
It is highly recommended that you check this file presence at the new installed plugin folder and its subfolders after every new WordPress plugin installation. Put this index.php file

<?php
// Silence is golden.
?>

there yourself if plugin’s author missed it.
I made a plugin to make this job automatically. You can read about it at Silence is Golden Guard WordPress Plugin. Download link is available there also.

Tags: , ,
Posted in Security, WordPress | 11 Comments »

Newer Entries »