security

Osirt, a malware security company, is reporting that the WordPress theme OptimizePress contains a significant security vulnerability. According to the security bulletin published a few days ago, the problem lies within the Media-upload.php file. When a browser loads this file within the theme, the media upload screen appears. From here, (more…)

Themify has announced that they have discovered and confirmed a vulnerability in their framework. The vulnerability stems from an insecure file named themify-ajax.php. The fix was released on November 9th, 2012, but the auto upgrade process failed to delete the file. Themify states they have “recently received several reports of (more…)

One of the security tips you’ll come across often is immediately deleting the admin user after installation and creating a new user, then assigning that user the administrator role. This is something I wish the core team would address so that during the installation of WordPress, users would be able (more…)

Over the weekend, I received an email from Mollom notifying me that they had discovered a security breach. According to their official blog post on the matter, the breach was discovered on August 21st. Mollom is a service managed by Acquia, a commercial open source software company providing products, services, (more…)

Checkmarx, a company founded in 2006 that specializes in automated security code reviews, has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. In the report published on June 18th, 2013, Checkmarx concluded that more than 20% of the 50 most popular WordPress plugins (more…)

WordPress 3.5.2 just shipped and addresses a few security issues, one of which was brought up around June 7th. The release also contains a few bug fixes. It’s been a while since we’ve seen a dedicated security release, but I guess it’s time to start a new streak. Also (more…)

In late 2012, VaultPress announced that they had acquired security company Code Garage. At the time, the acquisition seemed like a talent grab more than anything else. Even though VaultPress stated that they would continue to work on the Code Garage product, it didn’t make much sense to have both (more…)

BuddyPress 1.7.2 was released a little while ago. It contains some bug fixes, but the most notable items include several MySQL injection possibilities that have been patched. 1.7.2 is being classified as a recommended upgrade for anyone using BuddyPress 1.5 or above. I’m keeping tabs on BuddyPress because at some (more…)

It’s time to clear up the debate once and for all. Despite all the doubts (and some haters), WordPress core is without a doubt one of the most secure platforms you can choose to put a site on. Of course, a WordPress install is only as secure as the plugins (more…)

The wait is over for those that have wanted an affordable offering from VaultPress. The service announced on May 8th that a new service level called VaultPress Lite would be available for an astoundingly cheap $5.00 per month, per site. The plan covers the basics: Daily backups that happen automatically, (more…)