Posts Tagged ‘Security’

WordPress 2.9.2 Security Update Details

Wednesday, February 17th, 2010

On February 15, 2010, WordPress.org announced the WordPress 2.9.2 release. The WordPress development blog says it fixes a “…problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2”. The upgrade procedure is simple, as usual. You can use the upgrade link at the top of the admin dashboard page to upgrade WordPress automatically. The other way is to replace all WordPress files manually. There are no changes in the database structure compared with version 2.9.1, just a few changes in the PHP source code. Check the details below.

Read the rest of this entry

Platinum SEO 1.3.2. What is new?

Tuesday, February 16th, 2010

Platinum SEO WordPress plugin version 1.3.2 was published on 13 February, 2010. It is good news. It has a reasonably full set of options. It works well and doesn’t bother me with bugs. It doesn’t ask for donations insistently as some other plugins do. I like this plugin. And I was glad to get something new from its author.
The ChangeLog note at WordPress.org mentions some WordPress 2.9.1 compatibility fix. What was incompatible with WordPress 2.9.1? What was really changed in this plugin version? Do you need to upgrade to this version? Interested? Read on.

Read the rest of this entry

How to change WordPress MU User Role capabilities

Saturday, February 13th, 2010

From the post How to change WordPress User Role capabilities we already know how to do it for ordinary, non-multi-user (MU) WordPress. In this post I will show you how to change the user role capabilities for the WordPress MU platform.
As you know, WPMU lets you have multiple blogs under a single WordPress installation. The blog list is stored in the wp_blogs database table. We will use the blog ID attribute (blog_id field value) from this table. WPMU stores each blog's data in a separate set of database tables. Each blog's table set is distinguished by the blog ID in the table names, e.g. the blog with ID=1 has the wp_1_options table, the blog with ID=2 has the wp_2_options table, etc. So, to get the user role capabilities of the blog with id=1 from the database we can use this SQL query

Read the rest of this entry

How to change WordPress User Role capabilities

Sunday, November 22nd, 2009

Every WordPress blog owner knows that the standard user roles in WordPress 2.8 and higher are: Administrator, Editor, Author, Contributor, Subscriber.
What is the difference? What can the “Author” do that the “Contributor” cannot? Comprehensive information about it can be found here, at WordPress.org.
But where is all that data stored? How do you change a role if you really need to? Interested? Read this article and you will get some answers to those questions. Recently I ran into the following problem on a multi-author blog. A user with the “Author” role can upload images to the blog server, but cannot use them in his/her posts. Any HTML tags are immediately removed from the post text after the “Author” saves a draft or post.

Read the rest of this entry

WordPress 2.8.6 Security Release Details

Saturday, November 14th, 2009

The WordPress 2.8.6 Security Release was published. The official page at wordpress.org doesn’t say much about it, just that:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability in Press This. The second problem is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
Are you interested in what changes were made in the PHP source code? Let’s try to discover the WordPress 2.8.6 Security Release details together.

Read the rest of this entry

Limit Login Attempts 1.4.1 WordPress Plugin Review

Tuesday, November 10th, 2009

Plugin Name: Limit Login Attempts v.1.4.1
Date of review: 10th November 2009
Rating: 4.8
Author profile: Johan Eenfeldt
WordPress plugin directory link: Limit Login Attempts

The “Limit Login Attempts” WordPress plugin limits the number of wrong login attempts possible through the normal login dialog as well as (for WordPress 2.7+) through the cookie authentication mechanism.

Read the rest of this entry

Login LockDown WordPress plugin Review

Saturday, September 19th, 2009

This review covers the Login LockDown v.1.5 WordPress plugin.
Date of review: 19th September 2009
Rating: 4.0
Author profile: Michael VanDeMar
WordPress plugin directory link: Login LockDown

According to the author’s description, the Login LockDown WordPress plugin adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. The plugin records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that IP range. This helps to prevent brute force password discovery.
After testing and using it on a live site, I confirm that the Login LockDown WordPress plugin really has the functionality declared by its author. But the plugin has some security and usability issues.

Read the rest of this entry