WordPress Security

WordPress Security is becoming a very popular topic lately, but that is only natural. As a platform becomes popular and widely adopted, it becomes a nice target for “crackers”. What makes matters worse is the constant and aggressive upgrade cycle chosen by the developers and no simple way to keep up with it… almost (more on that later).

The upgrades that define the very innovative nature of WordPress blogs are also the culprit behind the security problems! They are what prevents the platform from becoming truly mainstream and keeps it within the “geeky” realm.

  • The reality is: most people just want a platform they can use to publish!

Upgrades are seen by many bloggers as an annoyance and ignored on many occasions, and as a result their blogs get hacked! In this post I want to discuss some of the WordPress security measures available to you and how to take advantage of them!


WordPress 2.2.1 – Why You Have to Upgrade Now

If you have installed WordPress 2.2 you absolutely MUST upgrade to the latest version, 2.2.1. This new version addresses not only a few bugs but, most importantly, several security issues. Read all issues addressed here.

At least one of them already has an exploit out “in the wild”. The XML-RPC exploit affects ONLY WordPress 2.2, and only blogs that allow registration or that already have registered members, as it relies on an existing account to perform SQL injection and allows an attacker to take full control of your blog. Here are some details on this exploit on the WordPress support forums, and here is a post by someone who has already been hacked.

The second security issue addressed was in PHPMailer, and if you use Sendmail for the mail function on your blog, you need to check this one.

Upgrade notes: if you are running 2.2 then you must upgrade; this is not optional if you want to save yourself the pain of recovering from a hack. Here is some information you might find useful.
