Although this is not a direct WordPress vulnerability, it is a severe vulnerability that webmasters should be aware.
A new paper out this week details the exploit of MD5 and Certificate Athorities (CA). What makes this such a scary and threatening attack is the use of MD5 to secure a website identity. Using the HTTPS protocol, web surfers verify the identity of secure sites by checking for the lock icon and the use of HTTPS in the web address.
Using this exploit, an attacker can fake the authenticity of a website by …

WordPress Hacker
I have recently come across a series of posts regarding the elusive task of securing a WordPress installation. I was curious about how this works, and wondered why this would be needed since the WordPress development community does a fantastic job of release security updates to prevent attacks on millions of blogs run by the publishing software.
In reading on this subject, I found a website called wordpresssecured.com. I thought to myself how odd it would be for millions of people to be using an unsecure code set to run …

John Coltrane
Just one day after 2.7 RC 2 was released, the real deal, WordPress 2.7 “Coltrane” has hit the servers and is a major change in not only the admin panel, but a lot of core changes as well.
There have been plenty of updates concerning what updates have happened, and many times that number on the admin area changes. With all of these major changes, it is a wonder this isn’t considered version 3.0!
Just to detail how major this update really is, take a look at the name, Coltrane. John …