Archive for November, 2007
WPIDS – WordPress Intruder Detection System
WPIDS is the WP port of PHPIDS, an intrusion detection system for PHP. With PHPIDS it's possible to check all delivered user-generated content for malicious code, like SQL Injection/XSS/CSRF, and so on. In short, it's a defense plugin for WordPress that BlogSec members have been working on for a few months now. I would say [...]
WP Cryptographp CAPTCHA bypass vulnerability
Mustlive is at it again. This time he has broken the CAPTCHA system for the Cryptographp plugin for WordPress. To quote him:
Statistics at wordpress.org said that this plugin was downloaded 6285 times. And taking into account that this plugin also can be downloaded from other sources, so total amount of downloads and sites which use this [...]
WordPress SSL for Debian Sarge
Juergen Kreileder over at blog.blackdown.de has a really nice step-by-step howto on how to enable SSL (HTTPS) for a WordPress blog.
This article does assume that you're running Debian Sarge with Apache 2. This should work for Ubuntu as well.
We have received some feedback asking us to add an HTTPS howto into the WordPress [...]
Remote blogging security tips
The idea for this post came to me while visiting Malaysia for a project. My hotel wireless connection was down for the entire week so I had to hunt one down. Lucky for me, they have a couple of really nice Starbucks cafés in Kuala Lumpur.
I decided to put a few DOs and DON'Ts when [...]
BlogSec vote closing soon
Just a quick request to our readers to please take a minute to vote. The voting will end this Friday, and we really plan to use the results of these votes to guide and steer BlogSec in the future.
The voting section can be found on the sidebar, titled "What you enjoy on BlogSec".
Thanks to those [...]



