Archive for 'WordPress'
How to Hide WordPress Internal Path
Question: Recently I scanned my website for malware using Sucuri’s Site Scanner, and while my site came back clean, I noticed there was a warning about “Wordpress internal path”… Should I be concerned about this warning? Answer: Yes and no. According to Sucuri’s documentation, such a warning is a low-severity warning. It is not
WordPress 3.4.1 Maintenance and Security Release
WordPress has just pushed out a maintenance and security release that addresses 18 bugs introduced in 3.4. Here's the highlight: WordPress users, log into your admin dashboards and update NOW! Side note: If for whatever reason you had not upgraded to WordPress 3.4 and are still using WordPress 3.3,
How To Stop The Hacker By Hardening WordPress
This is a presentation put together by Sucuri. The emphasis of the presentation is on empowering the end-user with as many tools as possible to make them more effective at protecting themselves. You can find a summary of the presentation in Sucuri’s post. WordCamp Orange County
WordPress Plugins with Security Vulnerabilities
+Regina Smola – WP Security Lock has put together a list of #WordPress plugins with security vulnerabilities. Some of the plugins mentioned were also on the list that I did for the uploadify.php vulnerability, and there are some new ones. If you’re using any of the plugins mentioned, be sure you update to the latest
WordPress 3.3.1 or Older Exploit Alert: Comment Posting Forgery
Exploit: wp-comments-post.php (WordPress 3.3.1 or older) What is it? Comment Posting Forgery (Cross Site Scripting (XSS)) How is it being used in WordPress? wp-comments-post.php is part of WordPress’ core file set. Why is it dangerous? wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS)
Custom Page Templates Gone after WordPress 3.4 Upgrade
Update 6/27/2012: This issue has been fixed in WordPress 3.4.1. Question: After upgrading my WordPress site to 3.4, the latest version, the custom page templates that came with my theme have disappeared!!! Under Page Attributes –> Template in Edit Page I only get the “default template” for all my Pages, and it’s breaking my site!
WordPress 3.4 is Here! And Facebook Plugs In
First off, WordPress 3.4, codename “Green”, has officially been released to the public. In this update of the popular blogging (and content management) platform, the biggest change is the theme customizer which “allows you to play around with various looks and settings for your current theme or
In-Depth WordPress Security Tips
We all love WordPress, you know it. Not only is it a great blogging platform, but its flexibility and scalability in functionality and design, and its ease of use, make it a desirable platform for many small businesses that need an easy-to-manage website or Content Management System (CMS). But WordPress has
WordPress Exploit Alert: Uploadify.php
Exploit: Uploadify.php What is it? Unrestricted File Upload Exploit. As OWASP explains, “The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.” How
Serious Remote Exploit Found in All WooThemes
I first saw a post on Gits via a Hacker News tweet 3 days ago: There was a bug in WooThemes’ WooFramework that allowed any website visitor to run and see the output of any shortcode. This was a serious issue because the bug gave unauthenticated visitors the