Archive for the ‘Security’ Category
Limit Comments moderation, part 2
Sunday, April 22nd, 2012
– how to show a user with the ‘Author’ role comments from his own posts only;
– how to exclude unneeded views from the ‘Comments’ page, leaving just ‘Approved’, for example.
WordPress 3.3.2 Security Update
Sunday, April 22nd, 2012
– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can see the changes in the source code directly using this link.
If you haven’t installed this update yet, consider doing it right now. It’s very important to defend your lovely blog as much as possible.
WordPress 3.3.1 Security Update
Tuesday, January 3rd, 2012
WordPress 3.3.1 has been available since January 3rd, 2012. Version 3.3.1 is a security update that also fixes 15 bugs. While I didn’t meet any bugs in version 3.3 myself (and you?), I updated my blogs as soon as I got the message that this security update (it fixes a cross-site scripting vulnerability that affected version 3.3) was available. The same thing is highly recommended for other WordPress blog owners.
Do not wait until hackers exploit an existing vulnerability: update your WordPress installation today, and do not allow bad guys to use old and already closed back doors to your sweet WordPress blog home.
For more information, see the official release notes.
Phishing email to steal PayPal account
Saturday, December 3rd, 2011
First of all, remember which email address your PayPal account is registered to, and look at which address received this message. A different one? Do not worry about it. Investigate it together with me, just for pleasure, and delete it. Second, we should always check which email address such a message was sent from. My email client shows ‘PayPal <support@pula.net>’. Is it from the paypal.com domain? No. Delete this message.
Ultimate Security Checker WordPress plugin review
Saturday, October 22nd, 2011
As a WordPress blog owner spending hours on its content, you should be concerned about your product’s security. Otherwise it’s possible to lose all that hard-earned content in a minute. There are a lot of malicious software bots and damn headless young crackers permanently trying to hack our blogs. And while it’s easy to restore the original content from a fresh backup copy (do you have one?), it’s more complex (if possible at all) to restore lost reputation in case your blog was used as a spammer base or showed some bad content after a hack incident.
Are you sure that your beloved blog is secure?
The Ultimate Security Checker WordPress plugin is a tool which can check your blog for security issues and recommend how to fix them. At the moment of this review, version 2.7.0 is available at the WordPress repository. I tested it successfully with WordPress versions 3.2.1 and 3.3 Beta. What does “Ultimate Security Checker” offer its user?
Security Warning From WordPress Team
Wednesday, June 22nd, 2011
Hello, dear readers!
Let me spread the word from the WordPress team in case you don’t read the WordPress development blog. On June 21st, 2011, Matt Mullenweg published a post titled “Reset Password” on the WordPress development blog. You can read the full copy below or visit its original page.
“Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.
Lockdown WP Admin plugin review
Saturday, June 18th, 2011
The “Lockdown WordPress Admin” plugin for WordPress, or “Lockdown WP Admin” for short, is one of the plugins concerned with WordPress security enhancement. You can locate it at the WordPress repository. The plugin author is Sean Fisher. The latest version available at the moment of writing this review is 1.6.
Let’s go and see, step by step, what this plugin offers the WordPress administrator to make WordPress more secure.
First, “Lockdown WP Admin” hides the wp-admin directory from visitors who are not logged in. Such a visitor will get a 404 “page not found” HTTP error in the browser when requesting the http://yourblogdomain/wp-admin/ URL.