News
WordPress 2.6 Released
WordPress 2.6 is now available. We mentioned some of the security improvements in an earlier post. The latest version promises a number of security enhancements as follows:
XML-RPC is turned off by default, but is easy to turn on again. Historically, attacks were possible through the XMLRPC services. We don’t know how many bloggers use [...]
WordPress 2.6 Security Improvements?
WordPress 2.6 plans to have a number of security improvements. A number of XMLRPC features will be deactivated by default. I doubt they will remove functions such as pingbacks and trackbacks; however, it is something to keep an eye on.
So will this really help secure WordPress in the future?
WordPress have been becoming more security [...]
WordPress 2.5.1 Release Fixes Several Vulnerabilities
The first security and bugfix release of the latest WordPress branch is now available. WordPress do not mention the vulnerabilities fixed on the download page, but BlogSec recommended 2.5 users upgrade ASAP.
Among the bugs fixed were two fairly critical security issues: a Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection [...]
WordPress Whitepaper rev-1.2: New Release
Great news! We are pleased to announce, to our translators' dismay, that we have revised our popular "How to Secure WordPress" whitepaper.
The new revision takes a more hands-on approach, making it easier to follow and implement. New sections have been added to cover important topics like Spam and Blog Encryption.
Check out more information at the [...]
WordPress 2.5 Admin Login SQL Injection Rumour
BlogSec received an email yesterday with a rumour that an SQL Injection issue has been found in the WordPress 2.5 admin login screen.
There is currently no evidence to back up this claim, and we have received no further information. As time permits, we will investigate this issue further.



