This is a guest blog post written by Randy Hoyt, author of the blog, RandyHoyt.com. He’s also the founder of Web development firm Amesbury Web. The recent attacks on older versions of WordPress have made security a hot topic in the community. There has been finger-pointing and mud-slinging from many different directions, but there has…
In this rant filled edition of WordPress Weekly, David and I along with special guest co-host Scott Clark developer and community manager for the PODS CMS plugin talk about a wide range of topics all relating to WordPress Security. We cover what happened with the worm that took advantage of old versions of WordPress, security…
Much has been said in recent weeks regarding WordPress upgrades, security, and responsibility. While I still think end users are the ones responsible for what happens regarding their WordPress powered site, I do think there are areas of improvement that the WordPress team should consider. The following is a list of some of my own…
Amidst all the fuss about what it takes to find out when there is an upgrade available for WordPress, Konrad Karpieszuk took advantage of the situation and created a plugin that provides email notifications on when an upgrade is available. The plugin sends a check to WordPress.org every day to see if the version installed…
This weeks edition of WordPress Weekly will be an open mic roundtable centered around the topic of security. We’ll talk about security practices, things to avoid doing to make upgrading a harder process, the entire situation surrounding the worm that hit older versions of WordPress, ideas for what WordPress can do better, etc. I highly…
Considering all of the security talk of the past week, I figured the poll question ought to deal with the subject. Plain and simple, do you think WordPress is secure? Let’s talk about it. [poll id=”27″]
Over the weekend, news quickly spread throughout the WordPress community of a worm that was taking advantage of older versions of WordPress. I found out about the problem through Lorelle’s twitter account where she linked to an article on her blog covering the details of the attack. Mark Ghosh of WeblogToolsCollection.com quickly followed up with…
In this episode, David and I get you caught up on the news of the week which includes a few stories from the WordPress.com side of the world. We give you the 411 on the latest version of WordPress to be released, WordPress getting it’s own URL shortener, and much more. We were also joined…
This is a guest blog post written by Brad Williams, author of the blog, Strangework.com. He’s also a developer for WebDevStudios.com I recently gave a presentation at WordCamp Montreal on WordPress Security. While doing research for my presentation I came across a bunch of great WordPress Security tips that all WordPress users should use. Surprisingly,…
Were you surprised to see WordPress 2.8.3 released? I was, but I didn’t think it would be because of the same security related issue that 2.8.1 was supposed to address. I thought 2.8.3 was released as a bug fix version as a few annoying bugs have popped up that were giving people issues. It was…
John Kolbert who authors a few different WordPress plugins has released an update to Absolute Privacy. The new update now allows XML-RPC protocols such as the iPhone App and also prevents subscribers from reaching any of the administration pages. Absolute Privacy provides a wealth of options for those wanting to really turn their blog into…
QuickOnlineTips.com has a list of what they believe to be the best nine security plugins to use with WordPress. Some of the usual suspects have made the list such as WP Security Scan. I’m not sure if it’s good to mention this or not, but I don’t use any of those plugins on the list.…
Unfortunately, I bet this is a common question. I should browse the WordPress.com forums to see how many people are inquiring about the recent security upgrade. I have read that there is an important security update for the WordPress blogging software. Do I need to upgrade my blog www.anopensource.wordpress.com, if so how can I do…
After the security vulnerability kerfuffle that I reported on the other day regarding my beloved contact form 7 plugin, the plugin author has released an update which contains the necessary security fixes. Based on the changes, we can see that the security problem lied within the fact that the previous version did not apply default…
Yesterday afternoon, I was pretty shocked to see a message over twitter from Mark Jaquith announcing that the WP Contact Form 7 plugin had a security vulnerability in it which was being exploited and that anyone using the plugin should uninstall it immediately. Contact Form 7 is a popular plugin. In fact, just the other…