|
Wordpress known security issues?
Hello,
I just installed the lastest copy of Wordpress, are there any major security issues I need to know about? Thanks |
Keep it and all plug-ins updated, and that should keep you free of 99% of issues.
Every script or extra thing you add to it only makes it weaker. Wordpress as a community is pretty on top of anything that happens to the code or exploits. When you see the notice to update, check all your blogs and update them. |
I know of one exploit, but haven't reported it quite yet.
A less obvious security issue is free themes. I know it seems like I'm just saying that because I sell themes, but I'm not. The reason free themes are bad is because people find one that looks good, download it, install it, see it run and think it was a success. However, I'm seeing more and more examples of people sneaking code into free themes that get distributed. Code designed to force hardlinks to show up or to steal traffic. Some others more malicious. This is the main security risk that wordpress can't really fix, other than having a database of clean themes with a md4 hash. |
Quote:
|
Quote:
|
Quote:
|
Quote:
Some are not known yet but all have em. |
1 - keep all things updated http://wordpress.org/extend/plugins/...matic-upgrade/
2 - change admin username for something stronger with PHPMyAdmin, and use strong password 3 - use TAC as others said and security scan http://wordpress.org/extend/plugins/wp-security-scan/ 4 - don't use the fantastico WP installer... its sucks :winkwink: 5 - always RTFM! :thumbsup |
Protect wp-login.php with htaccess, so only your IP can access it.. Increases the security alot. And of course, take all the steps mentioned in this thread
|
|
| All times are GMT -7. The time now is 08:37 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123