Comments on: WordPress 2.6 Security Improvements?

By: BlogSecurity » Blog Archive » WordPress 2.6 Released

BlogSecurity » Blog Archive » WordPress 2.6 Released — Mon, 21 Jul 2008 21:57:37 +0000

[...] 2.6 is now available. We have mentioned from of the security improvements in an earlier post. The latest version promises a number of security enhancements as [...]

By: Angry Goe

Angry Goe — Wed, 16 Jul 2008 02:41:31 +0000

WTF is wordpress and why should I care?

By: ChaosKaizer

ChaosKaizer — Thu, 03 Jul 2008 05:09:35 +0000

switching off some features is not “security improvements”. Why not just separate the whole features from being download in the first place. I think they should improve their code and hardcoded it instead of turning it off.

anyway there is others alternative like openid & oauth to make it more secure..

By: WordPress 2.6 Bêta 1 - Emmanuel GEORJON

WordPress 2.6 Bêta 1 - Emmanuel GEORJON — Thu, 26 Jun 2008 18:03:32 +0000

[...] WordPress 2.6 Security Improvements? du site BlogSecurity.net, [...]

By: bj

bj — Tue, 24 Jun 2008 12:04:21 +0000

Since the xml/rpc stuff is what makes wordpress so kickass in the search engines, turning this stuff off is not exactly going to win friends and influence people. It would be better to find a way to make it secure for those who wish to use the features and develop a method to turn them off for those who don’t need them.

And it is about time that Matt Mullenweig started paying attention to security. I’ve heard backroom rumors that his dev team has been screaming for this for years.

By: Wordpress Vs Blogger - WebProWorld

Wordpress Vs Blogger - WebProWorld — Tue, 24 Jun 2008 10:11:34 +0000

[...] Re: Wordpress Vs Blogger On and off topic I have ran a self hosted Wordpress blog for awhile and I agree with everyone that is rocks. But with reports of security issues with wordpress I’m not sure if I’m going to say with it. Wordpress being open source and as widely used, it has become a hackers magnet. Wordpress also does not have anyone dedicated to security that I know of. So with this in mind what other blogger software is as good as Wordpress to be honest I’m not sure can anyone help me out there? or give your thoughts on these issues. Other comments on wordpress issues. [...]

By: Terry

Terry — Mon, 23 Jun 2008 14:56:44 +0000

[quote]A number of XMLRPC features will be deactivated by default. I doubt they will remove functions such as pingbacks and trackbacks, however, it is something to keep an eye on.[quote]

Many users do not need comment, pingbacks and trackbacks so it would be very useful to produce a guide to disabling these features in older versions of WordPress.

By: dot tilde dot

dot tilde dot — Mon, 23 Jun 2008 14:21:40 +0000

i usually disable xmlrpc on my sites where i dont need it, and it has been working alright for me.

disabling a necessary feature is not an option, thank you for pointing that out… again.

.~.

By: Robert

Robert — Mon, 23 Jun 2008 11:46:00 +0000

Now, if just anybody would care to explain how disabling a feature would reduce attack surface for those who need said feature and thus switch it on?

Is it any safer when all the other blogs don’t use it? Hm, not in my book at least.

Otherwise, how would you judge the hypothetical attempt of Microsoft to disable internet access in the next release of Windows as it has proved to be a very vulnerable attack surface in the past versions?