Hello! Some time ago I released a plugin for WordPress: DigoWatchWP.
The plugin will monitor your WP posts and pages. Whenever an entry has been changed, it informs you via email. So if you receive an email and you have not changed anything, you should have a closer look at your post or page. Maybe somebody changed your post or page to include a spam link (e.g. links to OnlineCasino, adult-content are very popular).
The plugin can be downloaded here: http://wordpress.org/extend/plugins/digowatchwp/
Ciao
digo
http://www.showhypnose.org
I’ve just released a new tool for your security arsenal to be used to protect your WordPress installation. It’s a set of scripts that will monitor the WordPress files for changes. Details at http://www.planetmike.com/goto/720
BlogSec Changes: Modified Feedburner to allow page feeds; Added Gravatars; Added Feeds for BlogSec-News; Added BlogSec-News Banner on main.
Flavio Copes has provided an Italian version of our popular WordPress Whitepaper.
Was playing with Automattic’s Gravatars (central blog user pictures). I think they have done it the right way by uploading all images to their servers.
I can’t think of any immediate security concerns, unless the Gravatars server is actually compromised. If this is done, it means an attacker could perform some rather devious attacks, affecting all blogs using Gravatars.
In response to the growing concerns that social network site users have had over privacy, Flugpo ( http://www.flugpo.com ) has sponsored the development of a plug-in to help counteract the collection and sale of personal information.
This plug-in will be available through MyDataIsMyData.org. The plug-in (a small toolbar) allows each user to decide what information they will delete off their computer and what they will make visible, as well as alerting them whenever they enter a site that is collaborating with a social network to sell their personal information. Selling private information for profit unbeknownst to the users is an abuse of their trust, and MyDataIsMyData.org hopes to empower these users by allowing them to control the amount of personal information that they make visible.
Dan, it’s a shame you guys don’t provide a free, open source version.
I thought you guys might be interested in our new product.
( http://firewallscript.com ) It’s very much like modsecurity, but easier for the end user to set up: it has a nice admin control panel, and it even runs on shared hosting. This is a very important feature, as a large percentage of the blogging community does not have the need/means for a dedicated server, so by using our software, they can have the full benefits of a web application firewall with its only requirement being PHP5.
Michael, keep us informed, sounds like a great project.
I’m releasing an ebook next week, The Hard Core Guide to Locking Down WordPress, and would love some feedback on it. Anyone interested please send me an email (mclark @ my domain) and let me know your site’s URL.
Welcome to the BlogSec News Portal, feel free to contribute news, plugin reviews, security advisories etc. Knock yourselves out.