Archive for September, 2007
5 Step Failsafe upgrade for WordPress
Roland Rust runs http://wordpress.designpraxis.at and we are pleased to introduce him as our guest blogger today! In this post he discusses WordPress backups with one of his excellent plugins, "BackupWordPress". This plugin really makes it easy not only to back up your entire blog (including files) but also to restore it with the click of a [...]
wp-scanner to detect backups
As many of you already know, wp-scanner is a free online vulnerability scanner for WordPress. The next release of wp-scanner hopes to include functionality to scan for backups.
While reviewing wp-scanner results and searching Google, it is clear that many backup plugins (x2 that I have tested so far) store backups within the web root, making [...]
WordPress 2.3 changes
A couple of months ago we mentioned that the guys at wp-plugins-db had released a plugin to allow you to keep up to date with your plugins. Well, WordPress 2.3, which is due to be released shortly, apparently includes these features out of the box. The WordPress site says:
Enjoy the last time you have to check for plugin [...]
2 vanilla XSS on WordPress ‘wp-register.php’
Thanks to Adrian Pastor for submitting this post.
There are two vanilla XSS on ‘wp-register.php’. Only early versions of the 2.0 branch are affected.
Version 2.0 is vulnerable through the ‘user_login’ and ‘user_email’ parameters.
Version 2.0.1 filters the ‘user_login’ parameter but is still vulnerable through the ‘user_email’ parameter (half-baked fix?).
The XSS is only exploitable through a ‘POST’ request.
WordPress 2.0.4 is [...]
Shifting to PHP5
Ryan Boren has already touched on the topic of WordPress and PHP5. For those who are not yet aware, PHP has announced that the popular PHP4 is to be phased out over the next year and PHP5 is now the top boy.
Most popular open source applications, including WordPress, have not yet officially adopted PHP5. [...]



