News
WordPress Install Files Security Risk
Jeff Starr over at Perishable Press has discovered a way to hack a WordPress blog in rare cases where the installation files have been left behind and the database is inaccessible:
The other day, my server crashed and Perishable Press was unable to connect to the MySQL database. Normally, when WordPress encounters a database error…
The [...]
Guvnr 10 Steps to Secure WordPress Video
Guvnr has released a really detailed article on securing a blog using our WordPress Security Whitepaper (which is due for an update soon). The article is titled, "10 tips to make wordpress hack proof". Has a nice ring to it.
In addition to this, Guvnr has put together a very cool video which takes one through the [...]
WordPress Scanner Next-Gen Released
Here it is!!!
It's been a long and exciting week. Not only are we experiencing the most severe snow in Kent but I’ve finally managed to roll out the massively improved WordPress vulnerability scanner. It can also be accessed using the menu link above, “WordPress Scanner”.
It is a complete re-write of the old scanner. I’ve not [...]
WordPress Security Predictions in 2009
Okay, deep breath, in 2008, we saw Cross-Site Scripting, SQL injection, SQL truncation, Cookie generation weaknesses, Directory Traversal, Arbitrary File Uploads and Cross-Site Request Forgery attacks, to name a few.
A mouthful, but it made for a very interesting 2008 case study of security developments in a popular open source PHP application.
The WordPress core [...]
WordPress Pwnie Awards
The Pwnie Awards are an ‘annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community’.
It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress [...]



