Archive for the ‘WordPress’ Category
wordpress.org Cracked, Exploit in 2.1.1 Release
Saturday, March 3rd, 2007
As pointed out on the WordPress development blog, a cracker gained access to the wordpress.org servers and replaced the 2.1.1 download with a modified exploitable version. The exploitable download may have been on the site for three or four days! It may be a good idea for the WordPress developers to sign their releases with [...]
WordPress SSL Patch Update
Friday, January 12th, 2007
The recently released security update for WordPress introduced some changes that broke my HTTPS patch for it. I have updated the patch for WordPress 2.0.6 and 2.0.7-RC1 now: wp2-ssl.patch. Read the complete SSL setup guide here: Securing WordPress 2 Admin Access With SSL. Regarding WordPress security, please note that there still is a possible exploit [...]
Securing WordPress 2 Admin Access With SSL
Sunday, January 22nd, 2006
A few people have asked for an updated version of my Securing WordPress Admin Access With SSL guide. So here is an updated version for WordPress 2! The situation has not changed much since WordPress 1.5: WordPress 2.0 still does not support HTTPS access to the admin area when the rest of the blog is [...]
WordPress Security Annoyances
Thursday, August 18th, 2005
As if the unprofessional handling of WordPress security announcements (see Another WordPress Security Update and More on Security Announcements) weren’t bad enough, the WordPress developers also seem to have problems with organizing releases. Stefan Esser reports that there are two WordPress 1.5.2 versions. The first one, which didn’t fix the problem it was supposed [...]
More on Security Announcements
Monday, August 15th, 2005
Some people seem to misunderstand what I said about the latest WordPress update. I, myself, am perfectly able to figure out what was broken and how it was fixed. That’s not the point. I was commenting on the handling of security announcements by the WordPress developers. I expect to get information about security issues from [...]
