Security

WordPress Security Threats – Aug/2013

August was a fairly light month for WordPress security. Let’s start with what Packet Storm security reported on. WordPress Wordfence 3.8.1 Cross Site Scripting WordPress Encrypted Blog 0.0.6.2 XSS / Open Redirect WordPress silverOrchid Cross Site Scripting WordPress Simple Login Registration 1.0.1 Cross Site Scripting WordPress Post-Gallery Cross Site Scripting WordPress Video Whisper Cross Site…

SSL Everywhere – WordPress.org

Peter Westwood, better known as Westi in the WordPress community, recently announced that he has developed and implemented some new methods for wordpress.org so that interactions can now be made over SSL. Whether you’re just downloading an update of WordPress or interacting with the wordpress.org API, both calls and responses can now be made over…

WordPress Security Threats – Jul/2013

July was an extremely quiet month for Sucuri’s blog of security alerts, with the only mention being Dissecting a WordPress Brute Force Attack. But as always, I appreciate all of their updates and critical alerts to help keep the community informed. Similarly, July was a quiet month for Packstorm Security as well. Here is what…

WordPress Security Threats – Jun/2013

June 2013 was a quiet month for WordPress security, as Sucuri Security reported near nothing related to WordPress, except for the security release of WordPress 3.5.2. Packetstorm Security also had a fairly quiet month, but there was one major threat: WordPress 3.5.1 had a security issue where it was vulnerable to a DoS attack. If…

WordPress Security Threats – May/2013

May was a quiet month for security alerts from Sucuri. The only alert was around the wildly popular caching plugins, W3 Total Cache and WP Super Cache, which were both being targeted by some mfunc HTML comment exploits.

Security by Brad Williams [LIVEBLOG]

A little about Brad Williams’ Security talk: Learn how to keep your WordPress-powered website secure from hackers and exploits. Brad Williams from WebDevStudios.com shows examples of hacked sites, shares tips and plugins for keeping WordPress secure, and talks about his experiences with WordPress and security. We’ll be getting started about 9am PST. UPDATED: Here are…

Introducing VaultPress Lite

In an effort to appeal to more WordPress site owners, Joseph Scott — who works for Automattic, which operates VaultPress, announced today that VaultPress is now offering a “Lite” plan at a $5 per month price tag. You receive the normal benefits of daily backups, automated site restore, stats and activity logging, and 30 days…

WordPress Security Threats – Apr/2013

April was a heavy month full of surprises. Two high profile caching plugins, W3 Total Cache and WP Super Cache were both exploited and require immediate updates if you have them activated. Additionally, there were widespread botnet attacks, brute-forcing password attempts and much more. Take a look below at what Sucuri wrote throughout April.

WordPress Security Threats – Mar/2013

March’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and virus scanner by Sucuri. March was a light month for Sucuri, with…

WordPress Security Threats – Feb/2013

February’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and virus scanner by Sucuri. Sucuri Coverage cPanel Inc. Server Compromised WordPress Plugin:…

WordPress Security Threats – Jan/2013

2012 just blew by and we’re already one month deep into 2013. January’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and…

WordPress Security Threats – Dec/2012

December’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and virus scanner by Sucuri. Sucuri Coverage W3 Total Cache Implementation Vulnerability Sucuri…

W3 Total Cache Fixes Security Hole

Recently announced by Sucuri Security, WordPress caching plugin W3 Total Cache had a security hole. The issue is connected to the way W3TC stores the database cache (in a public accessible directory). It can be used to retrieve password hashes and other database information. Sucuri outlined a fix for the issue as an interim solution:…

WordPress Security Threats – Nov/2012

November’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and virus scanner by Sucuri. Sucuri Coverage Website Malware – SEO Poisoning Out-of-date…

WordPress Security Threats – Oct/2012

October’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the malware and virus scanner by Sucuri. Sucuri Coverage Is WordPress.com SPAM Campaign Due to…

WordPress Security Threats – Sep/2012

September’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool. Sucuri Coverage Sociable WordPress Plugin Security Warning WordPress 3.4.2 Released…

WordPress Security Threats – Aug/2012

August’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool.

WordPress Security Threats – Jul/2012

July’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a new version that has the vulnerability fixed, or disable the plugin immediately. If you feel you may have been hacked, use the Sucuri free scan tool.