Tools
bs-wp-encrypt plugin: Encrypt Logins
This simple plugin ensures that all requests to ‘wp-login.php’ and ‘wp-admin/*’ are redirected over HTTPS. By using HTTPS you mitigate the risk of attackers capturing sensitive information such as usernames and passwords, which have no protection in transit when sent over HTTP.
Please ensure that your site supports HTTPS before enabling this plugin. This can [...]
bs-wp-sandbox plugin: Lock WP Functions
The BlogSec WordPress Sandbox plugin works on a whitelist principle. We accept all pages and posts (including wp-admin, feeds and xmlrpc) but deny requests for any other resources or WordPress functions.
I came up with the idea for this plugin when developing my homepage WithDK.com (where it is currently being tested). I wanted WordPress to act [...]
bs-wp-noversion plugin: Removes WordPress Version
The BlogSecurity WordPress Noversion plugin (bs-wp-noversion) prevents WordPress version leakage. Another simple, yet extremely useful WordPress security plugin.
A lot of attackers and automated tools will try to determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions.
Plugin Name: [...]
bs-wp-noerrors: removing WordPress DB errors
This plugin is now deprecated as of WordPress 2.3.2. WordPress 2.3.2 has error messages disabled by default. This plugin may still be useful for those running older versions.
WordPress by default has error messaging turned on:
function show_errors() {
$this->show_errors = true;
[...]
WPIDS – WordPress Intruder Detection System
WPIDS is the WP port of PHPIDS, an intrusion detection system for PHP. With PHPIDS it’s possible to check all delivered user-generated content for malicious code, like SQL Injection/XSS/CSRF, and so on. In short, it’s a defense plugin for WordPress that BlogSec members have been working on for a few months now. I would say [...]



