Posts Tagged ‘Security’
WordPress 3.3.2 Security Update
Sunday, April 22nd, 2012
– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can see the changes in the source code directly using this link.
If you haven’t installed this update yet, consider doing it right now. It’s very important to defend your lovely blog as much as possible.
delete_themes WordPress user capability
Monday, March 19th, 2012
delete_themes user capability. It is clear from its name, isn’t it? You are right. But it is not the whole truth. It’s useful to know that if you do not have the switch_themes capability under a single-site WordPress installation, you cannot delete the selected theme, even if you click the ‘Delete’ command in the WordPress interface. Interesting? Continue reading to see a more detailed description or (if you are curious enough) even look inside the WordPress core source code together with me.
I found the delete_themes capability in these WordPress core files:
– wp-admin\themes.php;
– wp-admin\network\themes.php;
– wp-admin\includes\class-wp-ms-themes-list-table.php;
– wp-admin\includes\class-wp-themes-list-table.php;
– wp-includes\capabilities.php;
– wp-admin\includes\schema.php.
delete_plugins WordPress user capability
Saturday, March 17th, 2012
The delete_plugins WordPress user capability allows a user to delete inactive plugins. Such a user has to have access to the “Plugins” menu in the WordPress administrator back-end (this requires the activate_plugins capability). To delete a plugin, the user can use the plugin row link, which is shown under each plugin name, or a bulk action, applied to the selected set of plugins simultaneously.
The delete_plugins capability is used inside these WordPress core files:
– wp-admin/plugins.php;
– wp-admin/includes/class-wp-plugins-list-table.php;
– wp-admin/includes/schema.php;
– wp-includes/capabilities.php;
Continue reading if you wish to look inside the WordPress core code and get more details.
Block posting to selected categories
Sunday, February 19th, 2012
Just copy it and paste it into your active theme’s functions.php file (wp-content/themes/your-theme/functions.php) and insert the IDs of the categories to block. You can get the ID of a category on the Categories page. Move the mouse over the ‘Edit’ link of the selected category and look at the link at the bottom of your browser. Search for ‘tag_ID=’ there. The number to the right of it is the category ID.
Congratulations! That’s all. You got it.
WordPress 3.3.1 Security Update
Tuesday, January 3rd, 2012
WordPress 3.3.1 has been available since January 3rd, 2012. Version 3.3.1 is a security update and fixes 15 bugs. While I didn’t meet any bugs in version 3.3 myself (and you?), I updated my blogs as soon as I got the message that this security update (it fixes a cross-site scripting vulnerability that affected version 3.3) was available. The same is highly recommended for other WordPress blog owners.
Do not wait until hackers exploit an existing vulnerability: update your WordPress installation today, and do not allow the bad guys to use old and already closed back doors to your sweet WordPress blog home.
For more information, see the official release notes.
Phishing email to steal PayPal account
Saturday, December 3rd, 2011
First of all, remember which email address your PayPal account is registered to, and look at which address received this message. A different one? Do not worry about it. Investigate it together with me, just for pleasure, and delete it. The second thing we should always check is which email address such a message was sent from. My email client shows ‘PayPal <support@pula.net>’. Is it from the paypal.com domain? No. Delete this message.
Ultimate Security Checker WordPress plugin review
Saturday, October 22nd, 2011
As a WordPress blog owner spending hours on its content, you should be concerned about the security of your product. Otherwise it’s possible to lose all that hard-earned content in a minute. There are a lot of malicious software bots and damn headless young crackers permanently trying to hack our blogs. And while it’s easy to restore the original content from a fresh backup copy (do you have one?), it’s more complex (if possible at all) to restore a lost reputation if your blog was used as a spammer base or showed some bad content after a hack incident.
Are you sure that your beloved blog is secure?
The Ultimate Security Checker WordPress plugin is a tool which can check your blog for security issues and recommend how to fix them. At the time of this review, version 2.7.0 is available in the WordPress repository. I tested it successfully with WordPress versions 3.2.1 and 3.3 Beta. What does “Ultimate Security Checker” offer its users?