With all of the potential ways the bad guys can exploit websites (literally thousands), many people want to know what the best way is to actually uncover these flaws. Well, there’s no magic bullet answer, however, generally speaking Web flaws can be discovered in one…
WordPress Users Roles
In a typical WordPress installation one can find a good number of users. Bloggers typically create new users on their blog to allow third party contributors to add blog posts, edit them, delete posts and to even activate or deactivate a plugin. These tasks are…
Reuters.com WordPress hacked. False Syria blog posts posted
On Friday 3rd August 2012 Reuters.com announced that it was a victim of a hack attack. Reuters.com blogging platform (WordPress) was compromised and attackers posted several fake news articles that were attributed to its reporters. Parent company of Reuters.com, Thomson-Reuters said that along with the…
Top 5 WordPress Issues and Vulnerabilities Exploited by Malicious Hackers
Since the end of 2004, the US National Vulnerability Database has recorded 389 types of WordPress issues and vulnerabilities. With more than 73 million websites, WordPress has become one of the most preferred exploitation destinations for attackers across the globe. While WordPress has been continuously…
Web Security Tip of the Week: Update to WordPress 3.3.2
Just recently, the WordPress development team released the latest and greatest version of the web platform – WordPress 3.3.2. It is always important that you update your WordPress installation to the latest version, as it addresses bug fixes and security issues reported in the previous…
Avoid Using the Root Account to Access a WordPress MySQL Database
Nowadays, most web applications use databases in order to store all information and data required for a website or blog to run efficiently and dynamically. These databases often contain configuration settings as well as confidential information, such as user passwords. In order to restrict access…
What Does Having a Hacked Website Mean?
When someone hacks a website, what are they trying to accomplish? Some just do it for fun while others have more dangerous things in mind and even worse, financial interests. Some hackers like to show off and will maybe replace your home page with a…
WordPress Version 3.3.1 released
A new version of WordPress is available for download. WordPress version 3.3.1 includes a fix for a disclosed reflected cross-site scripting vulnerability reported by Joshua H., Hoang T., Stefan Zimmerman, Chris K and the GoDaddy team. It also includes 15 other fixes for several other…
Create a WordPress htpasswd File to Secure the WP-Admin Dashboard
HTTP authentication adds a secondary layer of WordPress security that protects the admin dashboard — or wp-admin — by requiring the user to submit further authentication. After creating the .htaccess file for protecting the WordPress wp-admin folder, you should create a username and password database file…