The first security and bugfix release of the latest WordPress branch is now available. WordPress does not mention the fixed vulnerabilities on the download page, but BlogSec recommended 2.5 users upgrade ASAP.
Among the bugs fixed are two fairly critical security issues: a Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection […]
Great news! We are pleased to announce, to our translators' dismay, that we have revised our popular "How to Secure WordPress" whitepaper.
The new revision takes a more hands-on approach, making it easier to follow and implement. New sections have been added to cover important topics like Spam and Blog Encryption.
Check out more information at the […]
BlogSec received an email yesterday with a rumour that an SQL Injection issue has been found in the WordPress 2.5 admin login screen.
There is currently no evidence to back up this claim, and we have received no further information. As time permits, we will investigate this issue further.
WordPress 2.5 has been released.
From a security perspective, the new WP 2.5 promises secure cookie management, salted passwords and prepared SQL querying functions.
I won’t be upgrading right away… I’ll let it run a while. This may be a good move forward for the WP team. Nice work guys!
Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the rounds. This malicious worm or program appears to create the directory "wp-content/1/" as well as spam comments:
The blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all […]