Yesterday, a WordPress blog was compromised and defaced because the blog was running an old vulnerable plugin.
Version control and alerting for WordPress core, themes and plugins is something WordPress is really going to have to get on top of if they are ever to develop a secure blogging platform. How many of us forget about those plugins we installed eons ago?
Until WordPress gets on top of things in this area, I think this is a nice reminder for us to go through our plugins directory and ensure that we are running the latest stable versions of our plugins and not some 1950s version.
svenkubiak.de was defaced yesterday due to running an older version of the popular myGallery plugin. BlogWatch was referenced in his article, as we have displayed the myGallery vulnerability on WordPress BlogWatch for some time.
The administrator of the blog has decided not to use myGallery at all for reasons he lists on his website.
Resources that can help:
[…] as I just had to read at BlogSecurity, the blog SvenKubiak.de was “defaced”, i.e. hacked, yesterday afternoon […]
[…] BlogSecurity reported today, yesterday (as the blog operator Sven Kubiak himself announced) the […]
The http://www.wp-plugins-db.org website has come up with a plugin, Wp Plugins Tracker, which helps to track plugin releases.
Sugan, thanks for this link, it’s definitely something I’ll look into later.
[…] Sugan introduced BlogSecurity to wp-plugins-db. They provide a plugin named WordPress Plugin Tracker, which allows users to ensure that they are running the latest versions of their plugins. I think this is a great project, and one BlogSecurity will try to get involved with at some point. Great work over there guys. […]