Posts Tagged ‘Security’

Stealth Login WordPress Plugin Review

Saturday, March 12th, 2011

Authors: skullbit, devbit
Plugin version: 1.3
WordPress versions: from 2.3 to 2.7.1 according to the authors’ information. I made my tests with WordPress 3.1, single-site.
What does this plugin do?
It lets you customize the URLs for the login, logout and register links. For example, it is possible to set the login URL to "http://www.yourblog.com/login-wp-1870" instead of the standard "/wp-login" one. As an especially notable feature I wish to point out the so-called “Stealth mode”, which can be set up with the help of this plugin. It denies direct access to the ‘wp-login.php’ script.

Credit card fraud or hello from “Papal”

Tuesday, March 1st, 2011

Everyone has run into spam emails. Everyone knows what to do with such noisy mail: the recycle bin is the right place for such messages. But some messages we do read from time to time, and some of those dangerous messages we can accidentally trust.
My friends, I wish to draw your attention to this one more time. Again: do not trust emails which ask you to send your passwords, credit card numbers, etc. somewhere. Do not trust them, even if they look very similar to messages you could receive from well-known services.

I received such a message this morning and want to show it to you, just so you know how it can be disguised.

Is unfiltered_html capability deprecated?

Saturday, February 19th, 2011

Eberle13 (“User Role Editor” plugin user) asked me a question: why does the ‘unfiltered_html’ user role capability not work under WordPress multi-site? I found the reason and posted an answer to eberle13’s question at wordpress.org.
Out of curiosity I played with my test WordPress 3.1 Release Candidate 4 multi-site installation. This problem with using the ‘unfiltered_html’ capability still exists in it. I decided to write a special post about it, as it could be interesting to someone else. I tried to insert the modern HTML5 tag ‘<video>’ into a post without success: WordPress removed it every time I saved the post changes, even though I did that under an account with ‘Editor’ role privileges. The ‘Editor’ role has the ‘unfiltered_html’ capability turned on by default. What is the reason? Why did this capability fail to work?

Custom User Roles and WordPress Core Code Compatibility Issues

Tuesday, September 14th, 2010

WordPress has a good built-in user level/capabilities/roles system. The standard roles are administrator, editor, author, contributor, subscriber. This set of roles is enough in most cases for most needs. But from time to time you need something special, something of your own. In such cases you can use the User Role Editor WordPress plugin and build your own custom user role. But you should do it carefully and thoroughly test the newly created user role, because:

  • 1st, you could create some breaches in the WordPress security system;
  • 2nd, you can lose some useful WordPress functionality.

One example of lost WordPress functionality for a custom user role is described here:

Read the rest of this entry

Silence is Golden Guard WordPress plugin v. 1.5 update

Sunday, May 9th, 2010

The next update, v.1.5, is available for the Silence is Golden Guard WordPress plugin. With the help of the plugin's users, an incompatibility with the WP Super Cache plugin was discovered and fixed. The problem was that a blog with the WP Super Cache plugin active became unavailable after the SIG plugin was activated. Analysis showed that an index.php file with a redirection directive in the wp-super-cache/plugins directory results in an endless redirection loop which blocks access to the blog front-end and admin back-end. From version 1.5, the SIG plugin checks whether WP Super Cache is active and, if so, creates an empty index.php file without the redirection directive for the wp-super-cache/plugins directory. The incompatibility issue is resolved this way.

How to block WordPress admin menu item

Friday, April 23rd, 2010

Suppose you don’t want your blog's registered users to see some menu items in the WordPress admin back-end, and it is not a matter of user role capabilities management; that is, no capability exists which you can use. For example, you may need to block just the user profile editor and nothing more. It can be useful if you wish to allow a group of volunteers to share a single user account to do some task at your blog. In this case it is important that no one from that group can edit the user password and other user profile details. So you should block the WordPress admin menu items and URLs related to the user profile editor.
I will show you how to do it in this post. We just add a little piece of code to your theme's functions.php file. Let’s go.

Silence is Golden Guard Plugin v. 1.3 is available

Monday, April 12th, 2010

The next update, v.1.3, is available for the Silence is Golden Guard WordPress plugin. It can now redirect every directory listing request to the site root, rebuild all SIG-created dummy index.php files according to the selected format (redirection to the root or just an empty page), and remove unused (garbage-like) files from plugin folders, such as readme.txt, screenshot-*.gif, screenshot-*.png, screenshot-*.jpg. Those files are put into the plugin setup package for wordpress.org to show information on the plugin page. First, they are not used at your blog; second, they might easily expose the plugin version to a potential attacker, who can see them in his browser. If you use a plugin version with a known vulnerability, that can be dangerous and it makes the attacker's life easier. We don’t want that, right?
If you have ideas to propose as additions to this plugin's functionality, you are welcome! What stuff from an installed WordPress or its plugins gives too much of a hint to potential attackers? I will add an option to remove it to the next SIG Guard plugin version.