Articles in the Security Category
Headline, Security »
Although this is not a direct WordPress vulnerability, it is a severe vulnerability that webmasters should be aware of.
A new paper out this week details the exploit of MD5 and Certificate Authorities (CA). What makes this such a scary and threatening attack is the use of MD5 to secure a website identity. Using the HTTPS protocol, web surfers verify the identity of secure sites by checking for the lock icon and the use of HTTPS in the web address.
Using this exploit, an attacker can fake the authenticity of a website by …
Headline, Security »
WordPress Hacker
I have recently come across a series of posts regarding the elusive task of securing a WordPress installation. I was curious about how this works, and wondered why this would be needed since the WordPress development community does a fantastic job of releasing security updates to prevent attacks on millions of blogs run by the publishing software.
In reading on this subject, I found a website called wordpresssecured.com. I thought to myself how odd it would be for millions of people to be using an unsecure code set to run …
Security »
The same security fix provided to WordPress has also been added to WordPress MU. Version 2.6.5 takes care of the XSS security risk and is issued as an immediate upgrade because it fixes these holes.
The files changed in the latest update are as follows:
tags/2.6.5/wp-signup.php
tags/2.6.5/wp-login.php
tags/2.6.5/wp-includes/post.php
tags/2.6.5/wp-includes/version.php
tags/2.6.5/wp-includes/wpmu-functions.php
tags/2.6.5/wp-includes/feed.php
tags/2.6.5/wp-includes/widgets.php
tags/2.6.5/wp-includes/rss.php
tags/2.6.5/xmlrpc.php
tags/2.6.5/wp-settings.php
tags/2.6.5/wp-admin/users.php
The latest version of WordPress MU can be downloaded here.
Security »
An update to WordPress was released today. It is a security fix and is recommended for all users. According to Peter Westwood, the update contains one security fix and some bug fixes.
I have compiled a list of the files that were changed. These can be captured from WordPress Trac.
tags/2.6.5/wp-includes/post.php
tags/2.6.5/wp-includes/version.php
tags/2.6.5/wp-includes/feed.php
tags/2.6.5/xmlrpc.php
tags/2.6.5/wp-admin/users.php
Read about the update and download it from WordPress.org
