Category Archives: security

Do you use PHP $_SERVER variables in forms?

Photo credit: Melissa Maples. I came across an interesting point that outlines the dangers of using $_SERVER variables to submit forms, a practice that’s pretty common in WordPress plugins. The problem is that it opens the form up to be …

Posted in security

Is your WordPress up to date?

Is your WordPress installation up to date? If it’s not, you’ll get a constant warning message on every page telling you that you need to upgrade. And upgrading is really easy on the later versions too. There’s no messing around …


WordPress v2.8.4

Hot on the heels of the latest version of WordPress comes a new version with another security hole fixed. This wasn’t a major one, just an annoyance that lets a malicious user keep resetting a particular user’s password. It wouldn’t …


Authentication in WordPress 2.8

Just came across an interesting post called Authentication in WordPress 2.8. It talks about the implementation of OAuth in WordPress and its impact on users and plugin authors. The great thing about OAuth is that it would let applications and …


Help, my WordPress blog is giving a virus warning!

I got called in to resolve an issue on a WordPress blog today. On the surface it looked as if the administration side of the site had broken, but the real cause turned out to be much darker than that. …


WordPress 2.6.1 Exploit: Upgrade to avoid hack

I was reading around today after cleaning up a website that got hacked when I saw an example of a vulnerability that exists in WordPress 2.6.1. The security hole is this: Imagine a blog site using WordPress 2.6.1 and its …
