Articles

WordPress Insecure by Design?

We have seen a lot of critical vulnerabilities being discovered in WordPress core and its plugins of late. Who’s to blame? This article will take a brief look into WordPress design and its core security functions.

One of the major problems I see with WordPress is that it provides little (if any) protection against input validation attacks. [...]


ModSecurity and Wordpress: Defense in Depth

Daniel Cuthbert writes an excellent paper for BlogSec on securing your blog with ModSecurity.

Here’s a snippet:

Wordpress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. Unfortunately it is also missing the vital security functions that protect the application from malicious attacks. A default install of Wordpress is not [...]


Which is more secure: WordPress vs WordPress MU

A couple of weeks ago Adam Warner suggested we do a security comparison between WordPress and WordPress MU. In particular, he was interested to know which was more likely to pass PCI accreditation.

I contacted Donncha, lead developer of WordPress MU, for some feedback. Interestingly, we both shared similar sentiments and it made this question [...]


WordPress Security Whitepaper

***PLEASE BE VERY CAUTIOUS USING ANY PLUGINS/TOOLS IN THIS WHITEPAPER. SOME OF THEM ARE BETA TOOLS AND HAVE NOT BEEN UPDATED FOR SOME TIME. SOME OF THE PLUGINS ARE KNOWN TO CAUSE PROBLEMS. FOLLOW THE PRINCIPLES BUT IT IS NOT RECOMMENDED THAT YOU RUN ANY OUTDATED OR BETA PLUGINS. IF IN DOUBT, PLEASE ASK!***
This document [...]


5 Step Failsafe upgrade for WordPress

Roland Rust runs http://wordpress.designpraxis.at and we are pleased to introduce him as our guest blogger today! In this post he discusses WordPress backups with one of his excellent plugins, "BackupWordPress". This plugin really makes it easy not only to back up your entire blog (including files) but also to restore it with the click of a [...]