Archive for 'WordPress'

How to Hide WordPress Internal Path

Posted at Jul 17, 2012 | Posted in  Ask the Pixie, WordPress | By IT Pixie | 1 Comment

Question: Recently I scanned my website for malware using Sucuri’s Site Scanner, and while my site came back clean, I noticed there was a warning about “Wordpress internal path”…  Should I be concerned about this warning?

Answer: Yes and no.  According to Sucuri’s documentation, this is a low-severity warning.  It is not

{ Read More }





WordPress 3.4.1 Maintenance and Security Release

Posted at Jun 27, 2012 | Posted in  Google+ Posts, WordPress | By IT Pixie | 1 Comment

WordPress has just pushed out a maintenance and security release that addresses 18 bugs introduced in 3.4.  Here's the highlight: WordPress users, log into your admin dashboards and update NOW!

Side note: If for whatever reason you had not upgraded to WordPress 3.4 and are still using WordPress 3.3,

{ Read More }





How To Stop The Hacker By Hardening WordPress

Posted at Jun 23, 2012 | Posted in  Ask the Pixie, Google+ Posts, WordPress | By IT Pixie | No comments

This is a presentation put together by Sucuri.  The emphasis of the presentation is on giving end users as many tools as possible to make them more effective at protecting themselves.  You can find a summary of the presentation in Sucuri’s post. WordCamp Orange County

{ Read More }





WordPress Plugins with Security Vulnerabilities

Posted at Jun 22, 2012 | Posted in  Cyber Security, Google+ Posts, WordPress | By IT Pixie | No comments

+Regina Smola – WP Security Lock has put together a list of #WordPress plugins with security vulnerabilities.  Some of the plugins mentioned were also on the list that I did for the uploadify.php vulnerability, and there are some new ones. If you’re using any of the plugins mentioned, be sure you update to the latest

{ Read More }





WordPress 3.3.1 or Older
Exploit Alert: Comment Posting Forgery

Posted at Jun 20, 2012 | Posted in  Cyber Security, WordPress | By IT Pixie | No comments

Exploit: wp-comments-post.php (WordPress 3.3.1 or older)

What is it? Comment Posting Forgery (Cross Site Scripting (XSS))

How is it being used in WordPress? wp-comments-post.php is part of WordPress’ core file set.

Why is it dangerous? wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS)

{ Read More }





Custom Page Templates Gone
after WordPress 3.4 Upgrade

Posted at Jun 16, 2012 | Posted in  Ask the Pixie, Troubleshooting, WordPress | By IT Pixie | 9 Comments

Update 6/27/2012: This issue has been fixed in WordPress 3.4.1.

Question: After upgrading my WordPress site to 3.4, the latest version, the custom page templates that came with my theme have disappeared!!!  Under Page Attributes –> Template in Edit Page I only get the “default template” for all my Pages, and it’s breaking my site!

{ Read More }





WordPress 3.4 is Here! And Facebook Plugs In

Posted at Jun 13, 2012 | Posted in  Google+ Posts, WordPress | By IT Pixie | No comments

First off, WordPress 3.4, codename “Green”, has officially been released to the public.  In this update of the popular blogging (and content management) platform, the biggest change is the theme customizer which “allows you to play around with various looks and settings for your current theme or

{ Read More }





In-Depth WordPress Security Tips

Posted at Jun 12, 2012 | Posted in  Cyber Security, Google+ Posts, WordPress | By IT Pixie | 2 Comments

We all love WordPress, you know it.  Not only is it a great blogging platform, but its flexibility and scalability in functionality and design, along with its ease of use, make it a desirable platform for many small businesses that need an easy-to-manage website or Content Management System (CMS). But WordPress has

{ Read More }





WordPress Exploit Alert: Uploadify.php

Posted at Jun 09, 2012 | Posted in  Cyber Security, WordPress | By IT Pixie | 20 Comments

Exploit: Uploadify.php

What is it? Unrestricted File Upload Exploit. As OWASP explains, “The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.”

How

{ Read More }





Serious Remote Exploit Found in All WooThemes

Posted at May 01, 2012 | Posted in  Google+ Posts, WordPress | By IT Pixie | No comments

I first saw a post on Gits via a Hacker News tweet 3 days ago: There was a bug in WooThemes’ WooFramework that allowed any website visitor to run and see the output of any shortcode. This was a serious issue because the bug gave unauthenticated visitors the

{ Read More }