Comments on: WordPress Whitepaper rev-1.2: New Release

By: WordPress 2.5 Secret_Key Vulnerability - TheShadow’s Official Web Blog

WordPress 2.5 Secret_Key Vulnerability - TheShadow’s Official Web Blog — Mon, 28 Apr 2008 16:55:00 +0000

[...] recent “Secure WordPress Whitepaper Revision” shows the new WordPress SECRET_KEY variable in the ‘wp-config.php’ file. This SECRET_KEY [...]

By: Links for April 26th, 2008 at wolfgang.lonien.de

Links for April 26th, 2008 at wolfgang.lonien.de — Sat, 26 Apr 2008 20:31:31 +0000

[...] Secure your Wordpress [...]

By: WordZine

WordZine — Tue, 22 Apr 2008 06:01:56 +0000

WordPress Whitepaper：使博客更安全…

专注于博客安全的 BlogSecurity 刚刚发布了升级版本的 WordPress Whitepaper，我看了一下，书中所涉及的问题是我们很容易忽略的，很容易导致安全隐患。鉴于原文是英文的，所以我对该书进行了简….

By: Adam

Adam — Sat, 19 Apr 2008 00:04:57 +0000

Hey,

Thanks for all the hard work. I like many have suffered the “alter” error when trying to install the wp prefix plugin. My privileges were set to include alter and my config file is writeable for sure (even tried it with 777). The article offers no other suggestions. Any ideas?

By: BlogSecurity » Blog Archive » WordPress 2.5 Secret_Key Vulnerability

BlogSecurity » Blog Archive » WordPress 2.5 Secret_Key Vulnerability — Wed, 16 Apr 2008 09:20:09 +0000

[...] recent "Secure WordPress Whitepaper Revision" shows the new WordPress SECRET_KEY variable in the ‘wp-config.php’ file. This [...]

By: Frank

Frank — Tue, 15 Apr 2008 10:57:07 +0000

You have a small error in the whitepaper, page 4:
update wp_usermeta
–> 3 values: capabilities, user_level and autosave_draft_ids
In your whitepaper sty 2 values.

Great work and thanks!

By: Malte Landwehr

Malte Landwehr — Tue, 15 Apr 2008 07:29:12 +0000

I really liked the “hardening your wp-install” part. Great advice!