|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
10-05-2008, 03:14 PM
|
#1 |
|
Confirmed User
Join Date: Apr 2001
Location: MI
Posts: 950
|
Wordpress known security issues?
Hello,
I just installed the lastest copy of Wordpress, are there any major security issues I need to know about? Thanks
__________________
http://www.amberscash.com webmaster {at} crazynakedchick [dot] com |
|
|
|
10-05-2008, 07:20 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Mar 2004
Location: Great White North
Posts: 5,794
|
Keep it and all plug-ins updated, and that should keep you free of 99% of issues.
Every script or extra thing you add to it only makes it weaker. Wordpress as a community is pretty on top of anything that happens to the code or exploits. When you see the notice to update, check all your blogs and update them.
__________________
LinkSpun - Premier Adult Link Trading Community - ICQ - 464/\281/\250 Be Seen By New Webmasters/Affiliates * Target out webmasters/affiliates based on niches your sites are for less than $20 a month. AmeriNOC - Proudly hosted @ AmeriNOC! |
|
|
|
|
10-05-2008, 08:50 PM
|
#3 |
|
Confirmed User
Join Date: Jan 2006
Location: Gringo in Puerto Rico
Posts: 4,204
|
I know of one exploit, but haven't reported it quite yet.
A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that wordpress can't really fix, other than having a database of clean themes with a md4 hash. |
|
|
|
|
10-05-2008, 08:52 PM
|
#4 | |
|
(felis madjewicus)
Industry Role:
Join Date: Jul 2006
Location: In Mom & Dad's Basement
Posts: 20,368
|
Quote:
|
|
|
|
|
|
10-05-2008, 08:55 PM
|
#5 | |
|
Confirmed User
Join Date: Jan 2006
Location: Gringo in Puerto Rico
Posts: 4,204
|
Quote:
|
|
|
|
|
|
10-05-2008, 08:57 PM
|
#6 | |
|
(felis madjewicus)
Industry Role:
Join Date: Jul 2006
Location: In Mom & Dad's Basement
Posts: 20,368
|
Quote:
|
|
|
|
|
|
10-05-2008, 09:57 PM
|
#7 | |
|
Confirmed User
Join Date: Aug 2005
Posts: 2,178
|
Quote:
Some are not known yet but all have em.
__________________
|
|
|
|
|
|
10-05-2008, 11:36 PM
|
#8 |
|
Confirmed User
Join Date: Nov 2003
Location: QC
Posts: 296
|
1 - keep all things updated http://wordpress.org/extend/plugins/...matic-upgrade/
2 - change admin username for something stronger with PHPMyAdmin, and use strong password 3 - use TAC as others said and security scan http://wordpress.org/extend/plugins/wp-security-scan/ 4 - don't use the fantastico WP installer... its sucks  5 - always RTFM!  |
|
|
|
|
10-06-2008, 12:42 AM
|
#9 |
|
Confirmed User
Join Date: Dec 2002
Posts: 719
|
Protect wp-login.php with htaccess, so only your IP can access it.. Increases the security alot. And of course, take all the steps mentioned in this thread
|
|
|
|
