We have seen a lot of critical vulnerabilities being discovered in WordPress core and its plugins of late. Who’s to blame? This article will take a brief look into WordPress design and its core security functions.
One of the major problems I see with WordPress is that it provides little (if any) protection against input validation attacks. […]
Daniel Cuthbert writes an excellent paper for BlogSec on securing your blog with ModSecurity.
Here’s a snippet:
Wordpress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. Unfortunately it is also missing the vital security functions that protect the application from malicious attacks. A default install of Wordpress is not […]
A couple of weeks ago Adam Warner suggested we do a security comparison between WordPress and WordPress MU. In particular, he was interested to know which was more likely to pass PCI accreditation.
I contacted Doncha, lead developer of WordPress MU, for some feedback. Interestingly, we both shared similar sentiments and it made this question […]
New Revision: v1.2 (Apr/08)
Table of Contents:
Introduction
Installing WordPress
Accessing your WordPress tables
Changing your WordPress Table Prefix
Before Installation
Manually Change
WP Prefix Table Changer
Preparing the Blog
Changing your Admin Username
Create a new limited access user
Hardening your WP Install
Restricting wp-content & wp-includes
Restricting wp-admin
Block all except your IP
Password Required - .htpasswd
The .htaccess file
The .htpasswd file
SPAM
Blog Encryption
Key Plugins
Disabling WordPress Errors
Removing the WordPress Version
Security Above […]
Roland Rust runs http://wordpress.designpraxis.at and we are pleased to introduce him as our guest blogger today! In this post he discusses WordPress backups with one of his excellent plugins, "BackupWordPress". This plugin really makes it easy not only to back up your entire blog (including files) but also to restore it with the click of a […]