Archive for 'WordPress'

WordPress 3.7 “Basie” is here!

Posted at Oct 24, 2013 | Posted in  WordPress | By IT Pixie | No comments

It’s that time of the year/month/week/day again… Time to update your WordPress install! The good folks at has just released the latest version of WordPress, codenamed “Basie”. This release features some important architectural updates, including the following biggies: That automatic updates thing is a big one, since many WordPress users are either too

{ Read More }

WordPress 3.6 “Oscar” is here!

Posted at Aug 11, 2013 | Posted in  WordPress | By IT Pixie | No comments

Barely a month since WordPress 3.5.2 was released, WordPress 3.6, codenamed “Oscar” after the jazz pianist Oscar Peterson, went live on August 10. This release is fully loaded with tons of new and/or improved user features, which include: And if you are a WordPress developer, you will find: And of course you can find more

{ Read More }

WordPress 3.5.2 is here!

Posted at Jun 21, 2013 | Posted in  WordPress | By IT Pixie | No comments

The WordPress collective has just released version 3.5.2, which includes bug fixes and security fixes. Here are the security fix highlights: Since hackers like to exploit unpatched vulnerabilities in software, and WordPress is software, it’s crucial that you update your WordPress install ASAP. It’s time to back up your files and database and hit

{ Read More }

WordPress Brute-Forced!

Posted at Apr 12, 2013 | Posted in  Cyber Security, WordPress | By IT Pixie | No comments

In the last couple of days, I received many invalid login alerts from one of my clients’ WordPress sites — someone was trying, desperately, to log into my client’s WordPress dashboard using invalid usernames and/or passwords. The “desperation” (i.e. large number of login attempts within a very short period of time) and the fact that

{ Read More }

WordPress 3.5.1 is Out!

Posted at Jan 28, 2013 | Posted in  WordPress | By IT Pixie | No comments

It’s WordPress update time! WordPress 3.5.1 was released a few days ago, and this is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Here is the highlight of what’s new: This release also addresses the following security issues: For a full list of

{ Read More }

Hide Your WordPress Login from Author Archive

Posted at Oct 26, 2012 | Posted in  WordPress | By IT Pixie | 15 Comments

Did you know your WordPress login username can be leaked quite easily via the author archive page’s permalink? The important part here is /author/username/, as this is where your login username could be leaked. How This Works… When you create a new user on your WordPress site, you assign this user a username for login purposes. There

{ Read More }

WordPress Plugin Exploit Alert: Wordfence Security

Posted at Oct 24, 2012 | Posted in  Cyber Security, Google+ Posts, WordPress | By IT Pixie | No comments

Secunia has reported an XSS vulnerability in the WordPress security plugin Wordfence Security, which can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. The vulnerability affects versions 3.3.5 and prior, and has been patched in the latest version (3.3.7). If you’re using this plugin, please

{ Read More }

WordPress Exploit Alert: Themes with XSS Vulnerability

Posted at Oct 10, 2012 | Posted in  Cyber Security, Google+ Posts, WordPress | By IT Pixie | 1 Comment

Finnish product security professional and penetration tester Janne Ahlberg discovered a cross-site scripting (XSS) vulnerability in several WordPress themes. This vulnerability can be used to remotely execute JavaScript code on the site where the theme is installed. The WordPress themes in question are: They are all from the developer Parallelus, and they are sold through If you

{ Read More }

Malware Targeting WordPress Pluggable.php

Posted at Aug 15, 2012 | Posted in  Cyber Security, Google+ Posts, WordPress | By IT Pixie | No comments

One of WordPress' core files, /wp-includes/pluggable.php, has been targeted as host to a malware payload, according to the security company Sucuri LLC. What this means is that, while it is not a vulnerability in WordPress' code, the following malicious code is getting inserted into pluggable.php. Once the malicious code is inserted, it then attempts to load more

{ Read More }

Hacked Reuters site had outdated WordPress install

Posted at Aug 06, 2012 | Posted in  Google+ Posts, WordPress | By IT Pixie | 2 Comments

Update 8/17/2012: Reuters’s blog has been hacked again! After the first hack, they still didn’t update their WordPress install. While it is still unclear if the hackers got in (again!) via the outdated version of WordPress, you would think Reuters’ people would patch and update right away. Reuters’ blogging site ( was hacked last

{ Read More }