Posts Tagged ‘Security’

« Older Entries

MyEasyBackup plugin security update

Monday, March 1st, 2010

WordPress plugin security fix

WordPress plugin security fix

I’m glad to inform you that the MyEasyBackup WordPress plugin security issue I reported yesterday for 0.0.2 version is fixed with 0.0.3 version. It is perfect. Wonderfully! Thanks to Ugo Grandolini aka “camaleo” for so fast reaction and reliable security update.

MyEasyBackup WordPress plugin is useful for those who wish to get blog backup copies on a regular base and doesn’t familiar with tar, gzip, mysqldump, linux shell, etc. or just doesn’t have SSH access to his/her blog. User friendly interface lets you make full blog backup really easy. So “MyEasyBackup” confirms its name by its functionality. (more…)

Tags: Security, WordPress, wordpress plugin review
Posted in WordPress, plugins | Comments

MyEasyBackup plugin breaks WordPress security

Sunday, February 28th, 2010

WP breaked by plugin

WP breaked by plugin

MyEasyBackup WordPress plugin can make your life easier simplifying WordPress files and MySQL data backup operation. But be aware when installing its version 0.0.2 as this version simplifies the life to the intruders also. It is a new, just published plugin. WordPress.org Stats page shows 280 downloads already at the moment I write this post. This plugin can become popular. But plugin author Ugo Grandolini needs to make security fix to his code ASAP as plugin gives access to the critical blog data to any curious intruder. Do you wish to check it yourself? (more…)

Tags: Security, WordPress, wordpress plugin, wordpress plugin review
Posted in Security, WordPress, plugins | Comments

WordPress 2.9.2 Security Update Details

Wednesday, February 17th, 2010

WordPress 2.9.2 Security Update

WordPress 2.9.2 Security Update

February 15, 2010 WordPress.org announced WordPress 2.9.2 release. WordPress development blog says about fixing the “…problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2“. Upgrade procedure is simple as usual. You can use the upgrade link at the top of admin dashboard page to upgrade WordPress version automatically. Other way is to change all WordPress files manually. There are no any changes in the database structure comparing with 2.9.1 version, just a few changes in the PHP source code. Check the details below. (more…)

Tags: Security, WordPress
Posted in Security, WordPress | Comments

Platinum SEO 1.3.2. What is new?

Tuesday, February 16th, 2010

Platinum SEO 1.3.2. What's new?

Platinum SEO 1.3.2. What's new?

Platinum SEO WordPress plugin version 1.3.2 was published at 13 February, 2010. It is a good news. It has a full enough set of options. It works good and don’t bother me with bugs. It don’t ask donations insistently as some others plugins can do. I like this plugin. And I was glad to get something new from its author.
ChangeLog note at WordPress.org says about some compatibility with WordPress 2.9.1 fix. What was incompatible with WordPress 2.9.1? What was changed in this plugin version really? Do you need to make upgrade for this version? Interested? Proceed reading. (more…)

Tags: Security, WordPress, wordpress plugin
Posted in Security, WordPress | Comments

How to change WordPress MU User Role capabilities

Saturday, February 13th, 2010

User roles WordPress MU

User roles WordPress MU

From the post How to change WordPress User Role capabilities we know already how to make it for the ordinal not multi-user (MU) WordPress. It this post I will show you how to change the user role capabilities for the WordPress MU platform.
As you know WPMU lets to have multiple blogs under single WordPress installation. Blog list is stored in the wp_blogs database table. We will use blog ID attribute (blog_id field value) from this table. WPMU stores every blog data in the separate database tables set. Every blog data set differs with its blog ID in the name of the database tables, e.g. blog with ID=1 has wp_1_options table, blog with ID=2 has wp_2_options table, etc. So, to get the blog id=1 user roles capabilities from the database we can use this SQL query (more…)

Tags: Security, User Role, WordPress, WPMU
Posted in Security, WordPress MU | Comments

How to change WordPress User Role capabilities

Sunday, November 22nd, 2009

User Roles

User Roles


Every WordPress blog owner knows that WordPress 2.8 and higher user standard roles are: Administrator, Editor, Author, Contributor, Subscriber.
What is the difference? What the “Author” can do but “Contributor” can not? Comprehensive information about it can be found here, at WordPress.org
But where all that data are stored? How to change the role if you really need it? Interested? Read this article and you will get some answers on that questions. Recently I met with the following problem at the multi-authored blog. User with role “Author” can upload images to the blog server, but can not use it in his/her posts. Any HTML tags are immediately hidden from post text after “Author” saves his draft or post. (more…)

Tags: Security, WordPress
Posted in Security, WordPress | Comments

WordPress 2.8.6 Security Release Details

Saturday, November 14th, 2009

Wordpress 2.8.6 Security Release

Wordpress 2.8.6 Security Release

WordPress 2.8.6 Security Release was published. Official page at wordpress.org doesn’t say too much about it, just that:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability in Press This. The second problem is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
Is it interesting for you what changes were made in terms of PHP source code? Let’s try to discover WordPress 2.8.6 Security Release details together. (more…)

Tags: PHP, Security, WordPress
Posted in PHP, Security, WordPress | Comments

« Older Entries