Tag: security

  • Protecting WordPress Login Credentials From FireSheep

    There’s been a lot of hype around a new tool that was released not too long ago called FireSheep. In a nutshell, FireSheep is an extension for Firefox that monitors the airwaves of public Wi-Fi to sniff out login credentials to popular websites such as WordPress.com, self-hosted WordPress installations, Twitter, Facebook, and more. Once those…

  • GoDaddy Hacks Due To Old Software – Bad Passwords

    Over the weekend, numerous users on GoDaddy shared webhosting accounts reported that their sites had been hacked with injected malware. Neowin.net was able to get a hold of GoDaddy’s security expert Todd Redfoot who explained what happened: GoDaddy reassures customers that the attack was via WordPress and not an attack on the GoDaddy servers themselves.…

  • Review Of The Limit Login Attempts Plugin

    Time and time again, when I would read an article about WordPress security or how to harden an install, I would see mentions of limiting the number of times someone can try to log into an account. I’ve never put much thought into the idea but I’ve finally installed a plugin to help lessen the…

  • Does WordPress Need A Native Security Suite?

    April has been a troubling time for a couple of well-known web hosts, security-wise. Ipstenu wrote a post on the various hacks that took place this month and I thought it was a well-written piece that explains the variables that needed to happen for those events to occur. I’m not sure if she…

  • Sucks To Be A Network Solutions Customer Right Now

    If I were operating Network Solutions right now, I’d be on my knees begging for mercy. Browsing through my feedreader today, I came across a post on ComputerWorld.com mentioning that customers hosted on Network Solutions.com have been attacked again. This time, it’s not targeted at WordPress users. Sucuri Security Labs has the most detailed information…

  • Who’s Right? Network Solutions Or Matt

    I haven’t had the time to write about much WordPress news lately but after reading the post published on the WordPress developer blog regarding Network Solutions, it might have been for the best. There have been a number of WordPress-based sites hosted on Network Solutions that have had their databases compromised but overall, the…

  • WordPress 2.9.2 Released – Security Fix

    WordPress 2.9.2 was released just a few minutes ago to address a security problem dealing with the Trash feature. When WordPress implemented the new feature they failed to change the permissions granted when the post is in the trash. This means that an unauthenticated user cannot see the post, however an authenticated user can no…

  • Supported Legacy Branches For WordPress.org?

    This is a guest blog post written by Randy Hoyt, author of the blog, RandyHoyt.com. He’s also the founder of Web development firm Amesbury Web. The recent attacks on older versions of WordPress have made security a hot topic in the community. There has been finger-pointing and mud-slinging from many different directions, but there has…

  • WPWeekly Episode 72 – End User Responsibility And WordPress Security

    In this rant-filled edition of WordPress Weekly, David and I, along with special guest co-host Scott Clark, developer and community manager for the PODS CMS plugin, talk about a wide range of topics all relating to WordPress Security. We cover what happened with the worm that took advantage of old versions of WordPress, security…

  • Ideas To Improve The WordPress Release Strategy

    Much has been said in recent weeks regarding WordPress upgrades, security, and responsibility. While I still think end users are the ones responsible for what happens regarding their WordPress powered site, I do think there are areas of improvement that the WordPress team should consider. The following is a list of some of my own…

  • Upgrade Notifications By Email

    Amidst all the fuss about what it takes to find out when there is an upgrade available for WordPress, Konrad Karpieszuk took advantage of the situation and created a plugin that provides email notifications on when an upgrade is available. The plugin sends a check to WordPress.org every day to see if the version installed…

  • Security Roundtable Discussion

    This week’s edition of WordPress Weekly will be an open mic roundtable centered around the topic of security. We’ll talk about security practices, things to avoid doing to make upgrading a harder process, the entire situation surrounding the worm that hit older versions of WordPress, ideas for what WordPress can do better, etc. I highly…

  • Do You Think WordPress Is Secure?

    Considering all of the security talk of the past week, I figured the poll question ought to deal with the subject. Plain and simple, do you think WordPress is secure? Let’s talk about it.

  • Security This, Security That

    Over the weekend, news quickly spread throughout the WordPress community of a worm that was taking advantage of older versions of WordPress. I found out about the problem through Lorelle’s twitter account where she linked to an article on her blog covering the details of the attack. Mark Ghosh of WeblogToolsCollection.com quickly followed up with…

  • WPWeekly Episode 68 – Hey, I Didn’t Change My Password!

    In this episode, David and I get you caught up on the news of the week which includes a few stories from the WordPress.com side of the world. We give you the 411 on the latest version of WordPress to be released, WordPress getting its own URL shortener, and much more. We were also joined…