Tag: security

  • Dropbox And WordPress.com – Infrastructure For Malware Attacks

    Network security is one of those things in life I find fascinating. It’s a constant battle between good and evil. Just when the good guys think they have things figured out, the bad guys change their techniques. With all of the good that comes from using cloud-based services, there is also the other side…

  • Disturbing Report On WordPress Plugin Security

    Checkmarx, a company founded in 2006 that specializes in automated security code reviews, has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. In the report, published on June 18th, 2013, Checkmarx concluded that more than 20% of the 50 most popular WordPress plugins were vulnerable to common web…

  • WordPress 3.5.2 Security Release

    WordPress 3.5.2 just shipped and addresses a few security issues, one of which was brought up around June 7th. The release also contains a few bug fixes. It’s been a while since we’ve seen a dedicated security release but I guess it’s time to start a new streak. Also of note is that the…

  • Code Garage Migrations Are Underway

    In late 2012, VaultPress announced that they had acquired security company Code Garage. At the time, the acquisition seemed like a talent grab more than anything else. Even though VaultPress stated that they would continue to work on the Code Garage product, it didn’t make much sense to have both services. When I initially reported…

  • BuddyPress 1.7.2 Released – Contains Security Fixes

    BuddyPress 1.7.2 was released a little while ago. It contains some bug fixes but the most notable items include several MySQL Injection possibilities that have been patched. 1.7.2 is being classified as a recommended upgrade for anyone using BuddyPress 1.5 or above. I’m keeping tabs on BuddyPress because at some point in the future, this…

  • According To WPEngine WordPress Is Secure

    It’s time to clear up the debate once and for all. Despite all the doubts (and some haters), WordPress core is without a doubt one of the most secure platforms you can choose to put a site on. Of course, a WordPress install is only as secure as the plugins it leverages — but that’s…

  • A VaultPress Everyone Can Afford

    The wait is over for those that have wanted an affordable offering from VaultPress. The service announced on May 8th that a new service level called VaultPress Lite would be available for an astoundingly cheap $5.00 per month, per site. The plan covers the basics: Daily backups that happen automatically, so you can focus on…

  • New Company Releases Evil WordPress Plugin

    Earlier today on Twitter, WordPress community member Travis Ballard @Ansimation published a link to a plugin that will have people thinking twice before they sign up to a WordPress-based website. Ironically, it’s called WPEvil and saves passwords in plain text instead of hashes. One thing I’ve learned over the years is that passwords are…

  • Automattic Acquires CodeGarage

    Automattic, or more aptly VaultPress, has acquired security company CodeGarage. This is the first time I’ve ever heard about CodeGarage but they appear to be a VaultPress alternative. Looking over the pricing and plans for each service, I see that CodeGarage was definitely cheaper, as you can monitor 5 websites for $25 a month while…

  • Security Hole In W3 Total Cache

    Over the past few days, I’ve read various posts regarding a security hole discovered in the popular W3 Total Cache plugin. According to a security bulletin published by Jason Donenfeld on Seclist.org, after installing the plugin from the WordPress plugin repository through the backend of WordPress, there are two avenues of attack left open. 1)…

  • Critical Update For WooThemes Customers

    As if WooThemes.com being attacked was not bad enough, there is also a critical security issue that’s been fixed in the latest release of the WooFramework. The issue dealt with the shortcode generator. The latest version (and most likely many previous versions) of the WooThemes WooFramework has a bug that allows any website visitor to…

  • Free Webinar On Locking Down WordPress

    As part of their Make Waves series, iThemes will be conducting a free webinar with Dre Armeda of Sucuri.net to discuss how to lock down a WordPress installation. In this webinar, viewers will learn how to reduce their risk of being attacked by hackers and malware threats. The webinar takes place on Wednesday, April 25th…

  • VaultPress – Not An Option For Non-Profit MultiSite Installations?

    VaultPress is a cool security service by Automattic, but if you take a look at the pricing and plans, some may think that this is the luxury line of data safekeeping. However, tons of people that have had to utilize the restoration feature of VaultPress say it’s worth every penny. Boles University.com has a non-profit…

  • BuddyPress 1.5.5 Released

    It was announced earlier today that BuddyPress 1.5.5 is now available for download. This is considered a maintenance release which addresses 14 issues, some of which are security related. Congrats to the team, and I hope you had a blast at WordCamp Netherlands, Paul Gibbs.

  • WP Plugin Authors The Target Of A Phishing Scam

    Plugin authors need to take serious notice of a recent phishing attack that is aimed specifically at plugin authors. Ipstenu, one of the volunteer WordPress.org support forum moderators, has published a forum thread warning others that responding to the email wouldn’t be a good idea. The way in which this phishing attack works is pretty…