Wordpress known security issues?

  • Speedy26
    Confirmed User
    • Apr 2001
    • 950

    #1

    Wordpress known security issues?

    Hello,

    I just installed the latest copy of WordPress. Are there any major security issues I need to know about?

    Thanks
  • Jdoughs
    Confirmed User
    • Mar 2004
    • 5794

    #2
    Keep it and all plug-ins updated, and that should keep you free of 99% of issues.

    Every script or extra thing you add to it only makes it weaker. WordPress as a community is pretty on top of anything that happens to the code or exploits.

    When you see the notice to update, check all your blogs and update them.

    Comment

    • teg0
      Confirmed User
      • Jan 2006
      • 4204

      #3
      I know of one exploit, but haven't reported it quite yet.

      A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that WordPress can't really fix, other than having a database of clean themes with an md4 hash.

      Comment

      • Angry Jew Cat - Banned for Life
        (felis madjewicus)
        • Jul 2006
        • 20368

        #4
        Originally posted by teg0
        I know of one exploit, but haven't reported it quite yet.

        A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that WordPress can't really fix, other than having a database of clean themes with an md4 hash.
        http://wordpress.org/extend/plugins/tac/ solution to this problem, works great. scan your themes before activating them.

        Comment

        • teg0
          Confirmed User
          • Jan 2006
          • 4204

          #5
          Originally posted by Angry Jew Cat
          http://wordpress.org/extend/plugins/tac/ solution to this problem, works great. scan your themes before activating them.
          I knew about that, but it's a joke. Took me less than 5 minutes to trick it with some known theme exploits.

          Comment

          • Angry Jew Cat - Banned for Life
            (felis madjewicus)
            • Jul 2006
            • 20368

            #6
            Originally posted by teg0
            I knew about that, but it's a joke. Took me less than 5 minutes to trick it with some known theme exploits.
            well, nothing is going to top going through each .php file manually, but this works quite well as is for catching most embedded code in wordpress themes that i've come across thus far...

            Comment
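
Added example (not from any poster in this thread, and not TAC's code): a sketch of the two checks discussed in posts #3 to #6, comparing each theme file against a hash manifest taken from a trusted copy and scanning for embedded code. SHA-256, the pattern list and the names `audit_theme`, `SUSPICIOUS` and `demo` are choices made for this example; the sample theme is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions for this example, not TAC's actual rule set.
SUSPICIOUS = {
    "dynamic code execution": re.compile(rb"\b(eval|create_function)\s*\(", re.I),
    "encoded payload": re.compile(rb"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden link": re.compile(rb"display\s*:\s*none[^>]*>\s*<a\s[^>]*href", re.I),
}

def audit_theme(theme_dir, manifest):
    """Return sorted (relative_path, finding) pairs for the theme's .php files.

    manifest maps relative path -> SHA-256 of that file in a copy you trust.
    """
    theme_dir = Path(theme_dir)
    findings = []
    for path in theme_dir.rglob("*.php"):
        rel = path.relative_to(theme_dir).as_posix()
        data = path.read_bytes()
        expected = manifest.get(rel)
        if expected is None:
            findings.append((rel, "not in manifest"))
        elif hashlib.sha256(data).hexdigest() != expected:
            findings.append((rel, "hash mismatch"))
        # Pattern checks are heuristics; the hash flags any change at all.
        findings += [(rel, label) for label, rx in SUSPICIOUS.items() if rx.search(data)]
    return sorted(findings)

def demo():
    """Constructed sample: a clean index.php and a footer.php altered after hashing."""
    index = b"<?php get_header(); ?>\n"
    footer = b"<?php wp_footer(); ?>\n"
    altered = footer + (b'<div style="display:none"><a href="http://example.invalid/">x</a></div>\n'
                        b"<?php eval(base64_decode($links)); ?>\n")
    manifest = {"index.php": hashlib.sha256(index).hexdigest(),
                "footer.php": hashlib.sha256(footer).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_bytes(index)
        (root / "footer.php").write_bytes(altered)
        return audit_theme(root, manifest)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

A file reported as "hash mismatch" or "not in manifest" with no pattern hit still needs the manual read of the .php source that post #6 recommends.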

            • Azoy?
              Confirmed User
              • Aug 2005
              • 2178

              #7
              Originally posted by Speedy26
              Hello,

              I just installed the latest copy of WordPress. Are there any major security issues I need to know about?

              Thanks
              All software made by humans has security issues.
              Some are not known yet but all have em.

              Comment

              • sam from montreal
                Confirmed User
                • Nov 2003
                • 296

                #8
                1 - keep all things updated http://wordpress.org/extend/plugins/...matic-upgrade/
                2 - change admin username for something stronger with PHPMyAdmin, and use strong password
                3 - use TAC as others said and security scan http://wordpress.org/extend/plugins/wp-security-scan/
                4 - don't use the fantastico WP installer... it sucks
                5 - always RTFM!

                Comment

                • nickutis
                  Confirmed User
                  • Dec 2002
                  • 719

                  #9
                  Protect wp-login.php with htaccess, so only your IP can access it.. Increases the security a lot. And of course, take all the steps mentioned in this thread

                  Comment
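
Added example (not part of the original post): one way to write the restriction described in post #9, covering both the Apache 2.4 and the older Apache 2.2 access-control syntax. The address 203.0.113.10 is a placeholder from the documentation range, and the file is assumed to be the `.htaccess` in the WordPress root.

```apache
# .htaccess in the WordPress root (the directory that contains wp-login.php).
# 203.0.113.10 is a placeholder; replace it with your own static IP address.
<Files "wp-login.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>
    # Apache 2.2 (mod_authz_host)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>
```

The server's `AllowOverride` setting must permit these directives (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`/`Allow`); after saving, request wp-login.php from a different network and confirm it returns 403.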

                  • fris
                    Too lazy to set a custom title
                    • Aug 2002
                    • 55679

                    #10
                    http://www.noupe.com/how-tos/wordpre...and-hacks.html

                    Comment
