Archive for July, 2007
BlogSecurity E-Mail Alerts
You can now subscribe to BlogSecurity’s E-Mail alert system. We implemented this after getting a number of requests from you for an E-Mail based alerting system. It is simply an alternative to RSS feeds.
BlogSecurity now supports an E-Mail alerting service as an additional or alternate method over RSS. This means you can receive our latest [...]
wp-scanner plugin
Philipp Heinze of the BlogSecurity team released a simple plugin to activate wp-scanner when testing your blog.
We know it's been a pain having to edit your template every time you want to run wp-scanner. The BlogSecurity team have released the wp-scanner plugin to address this challenge.
The installation instructions are as follows:
Download the wp-scanner plugin here
Unzip [...]
HIGH RISK: wp-feedstats plugin vulnerable
While testing the wp-feedstats plugin I found two or more critical security vulnerabilities that may allow an attacker to gain full access to your WordPress blog.
The developer of the popular plugin was contacted yesterday; however, I am yet to receive a response. In the meantime, I would strongly suggest all users disable this plugin [...]
WP Prefix Table Changer
Philipp Heinze developed WP Prefix Table Changer for the BlogSecurity toolbox. The idea came from Stefan Essar's recent BlogSecurity interview, where he suggested changing the WordPress table prefix from the default "wp_" to something a little more obscure to mitigate SQL Injection vulnerabilities. Nice job, Phil.
This plugin is useful for two reasons:
Firstly, if your WordPress [...]
WordPress Blog gets hacked
Yesterday, a WordPress blog was compromised and defaced because the blog was running an old vulnerable plugin.
Version control and alerting for WordPress, themes and plugins is something WordPress is really going to have to get on top of if they are ever to develop a secure blogging platform. How many of us forget about those plugins [...]



