Posts Tagged security
WordPress.org responds to ‘security issues’ claim
A rather vexed member of the WordPress.org team has responded to recent ‘security issues’ suffered by WordPress bloggers hosted with Network Solutions:
Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story…
A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.
So, just to make it clear: your WordPress installation hosted with Blue Globe is as secure as ever, because we do configure our servers properly. Just in case you had heard any of these security rumours I thought I’d put your mind at rest.
WordPress 1.9.2 Hack to be aware of
Posted by admin in Security Alert, Wordpress on April 12, 2010
We have become aware of a WordPress hack that seems to be affecting WordPress 1.9.2, the current latest version of WordPress. No one seems to be sure how the hack is happening but the effects seem to be (according to ghacks.net):
Attackers either manipulate the blog to spread malware (more recently) or to cloak links that are only visible to search engines
No one seems to have mentioned anything on the WordPress forums, but you can read more on the following blogs:
- Christopher Penn – Find the Latest WordPress hack (this website includes a fix, but not protection, yet)
- WPblogger – Google Cloaking Hack Targeting WordPress
We’ll keep you posted if we get any updates. In the meantime, you might want to install a WordPress plugin like Antivirus for added protection.
