Archive for the ‘Security’ Category

« Older Entries

Silence is Golden Guard WordPress plugin v. 1.5 update

Sunday, May 9th, 2010

Silence is golden guard plugin is updated

SIG GUARD Updated

Next update v.1.5 is available for Silence is Golden Guard WordPress plugin. With the help of plugin users incompatibility with WP Super Cache plugin was discovered and fixed. The problem was that blog with WP Super Cache plugin active becomes unavailable after activating of SIG plugin. Analysis showed that index.php file with redirection directive in the wp-super-cache/plugins directory results in the endless redirection loop which block the blog front-end and admin back-end access. From version 1.5 SIG plugin checks if WP Super Cache is active and create then empty index.php file for the wp-super-cache/plugins directory without redirection directive. The incompatibility issue is resolved this way.
Read the rest of this entry

Tags: plugins, Security, WordPress, wordpress plugin
Posted in Security, ShinePHP's plugins news, WordPress, plugins | View Comments

Silence is Golden Guard Plugin v. 1.3 is available

Monday, April 12th, 2010
Silence is golden guard plugin is updated

SIG GUARD Updated

Next update v.1.3 is available for Silence is Golden Guard WordPress plugin. It may now redirect every directory listing request to the site root, rebuild all SIG created dummy index.php file according to format selected (redirection to the root or just empty page), remove unused (garbage like) files from plugins folders, such as readme.txt, screenshot-*.gif, screenshot-*.png, screenshot-*.jpg. Those files are put into plugin setup package for wordpress.org to show information at the plugin page, and 1st – not used at your blog, 2nd – might expose plugin version to the potential attacker easy. He can see them in his browser. In case you use some plugin version with known vulnerability – it can be dangerous and it makes attackers life easier. We don’t want that, right?
If you have ideas to propose as addition to this plugin functionality, you are welcome! What staff from installed WordPress or its plugins is too promptness for the potential attackers? I will add an option to remove it to the next SIG Guard plugin version.

Tags: Security, wordpress plugin
Posted in Security, ShinePHP's plugins news, WordPress | View Comments

Silence is Golden Guard WordPress plugin

Sunday, March 14th, 2010

Silence is Golden Guard

Silence is Golden Guard

Silence is golden guard WordPress plugin prevents your blog directories from listing if visitor types just directory name as the URL,
e.g. http://yourdomain/wp-content/plugins/
Did you see small 30 bytes only index.php files in the folders of WordPress installation? If you don’t know for what reason those files included into WordPress package please read this post “Silence is Golden”.
This plugin can scan your WordPress blog installation subdirectories for the presence of such dummy index.php files and create it if index.php file doesn’t exist in the directory. As the second line of defence against directory listing plugin can add special “-Indexes” option into Apache Web Server .htaccess file placed at the WordPress root directory.
Read the rest of this entry

Tags: WordPress, wordpress plugin
Posted in Security, ShinePHP WordPress Plugins, WordPress, plugins | View Comments

MyEasyBackup plugin breaks WordPress security

Sunday, February 28th, 2010

WP breaked by plugin

WP breaked by plugin

MyEasyBackup WordPress plugin can make your life easier simplifying WordPress files and MySQL data backup operation. But be aware when installing its version 0.0.2 as this version simplifies the life to the intruders also. It is a new, just published plugin. WordPress.org Stats page shows 280 downloads already at the moment I write this post. This plugin can become popular. But plugin author Ugo Grandolini needs to make security fix to his code ASAP as plugin gives access to the critical blog data to any curious intruder. Do you wish to check it yourself?
Read the rest of this entry

Tags: Security, WordPress, wordpress plugin, wordpress plugin review
Posted in Security, WordPress, plugins | View Comments

WordPress 2.9.2 Security Update Details

Wednesday, February 17th, 2010

WordPress 2.9.2 Security Update

WordPress 2.9.2 Security Update

February 15, 2010 WordPress.org announced WordPress 2.9.2 release. WordPress development blog says about fixing the “…problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2“. Upgrade procedure is simple as usual. You can use the upgrade link at the top of admin dashboard page to upgrade WordPress version automatically. Other way is to change all WordPress files manually. There are no any changes in the database structure comparing with 2.9.1 version, just a few changes in the PHP source code. Check the details below.
Read the rest of this entry

Tags: Security, WordPress
Posted in Security, WordPress | View Comments

Platinum SEO 1.3.2. What is new?

Tuesday, February 16th, 2010

Platinum SEO 1.3.2. What's new?

Platinum SEO 1.3.2. What's new?

Platinum SEO WordPress plugin version 1.3.2 was published at 13 February, 2010. It is a good news. It has a full enough set of options. It works good and don’t bother me with bugs. It don’t ask donations insistently as some others plugins can do. I like this plugin. And I was glad to get something new from its author.
ChangeLog note at WordPress.org says about some compatibility with WordPress 2.9.1 fix. What was incompatible with WordPress 2.9.1? What was changed in this plugin version really? Do you need to make upgrade for this version? Interested? Proceed reading.
Read the rest of this entry

Tags: Security, WordPress, wordpress plugin
Posted in Security, WordPress | View Comments

How to change WordPress MU User Role capabilities

Saturday, February 13th, 2010

User roles WordPress MU

User roles WordPress MU

From the post How to change WordPress User Role capabilities we know already how to make it for the ordinal not multi-user (MU) WordPress. It this post I will show you how to change the user role capabilities for the WordPress MU platform.
As you know WPMU lets to have multiple blogs under single WordPress installation. Blog list is stored in the wp_blogs database table. We will use blog ID attribute (blog_id field value) from this table. WPMU stores every blog data in the separate database tables set. Every blog data set differs with its blog ID in the name of the database tables, e.g. blog with ID=1 has wp_1_options table, blog with ID=2 has wp_2_options table, etc. So, to get the blog id=1 user roles capabilities from the database we can use this SQL query
Read the rest of this entry

Tags: Security, User Role, WordPress, WPMU
Posted in Security, WordPress MU | View Comments

« Older Entries