Tag Archives | Old Version

WordPress 2

Wordpress 2.5.1 Is Available

If you’ve yet to realize WordPress 2.5.1 is now available and you should update your current WordPress to make sure that it’s up to date. The update has some bug fixes which are important and also some more performance enhancements which were unexpected. If your blog is using any sort of open registration then you need to make sure your WordPress blog is running on version 2.5.1 because there is a serious defect in WordPress 2.5 and not many people know of it yet but the public eventually will become aware of the vulnerability and capitalize off of it. To protect your blog you should make sure to download the update which is WordPress 2.5.1.

There were some improvements made to the admin panel and more specifically the posting pages and this was well needed. More importantly though this update fixed seventy bugs and some of them were quite serious. This is why if you don’t update your WordPress software then you could run the possibility of being exposed to intruders due to bugs in the old versions. The widget admin has also been tampered with, and I feel for the better as it’s now easier to customize your sidebars.

One of the best security updates implemented in this version of WordPress if the ability to add in the SECRET KEY constant into the wp-config.php file. This will help your WordPress blog become more secure which is very important when blogging, especially once you get popular. Once you’re popular at blogging people will do anything they can to gain access to your blog, and usually the main cause of people gaining access is due to an old version of WordPress being installed rather then the newest version. If you want to make sure that your blog is safe and secure then download the update which is WordPress 2.5.1 and make sure that you get your SECRET KEY for you blog. There is also other plug-ins you can find which can benefit your blogs security features. Blogging is worldwide and very popular now and people are earning thousands of dollars blogging, if you’re one of the people out there blogging then ensure you have the most up to date version of WordPress at all times. The best place to find out about the current version of WordPress is at WordPress.com.

0

WordPress Plugins – What Are Their Security Risks

WordPress Plugins – What Are Their Security Risks?

The WordPress platform owes a lot of its popularity to the availability of thousands of plugins that perform any function a site owner may need. Simply put if you need to do something there is probably an existing plugin to do it. But what are the security risks that come with installing WordPress plugins? I will tie these threats to the central principles of information security which include Confidentiality, Integrity and Availability.

Confidentiality – Goal is to prevent the disclosure of information to unauthorized individuals or systems

Integrity – Goal is to ensure that data cannot be modified without detection

Availability – Goal is to ensure your site is available when someone tries to access it.

Plugins vary in code size from very simple to very complex. 99.9% of plugin users do not have the time or expertise to do a security review of the code prior to installing a plugin. That means you are at the mercy of the developer that nothing malicious has been programmed into the plugin that could affect the confidentiality, integrity and availability of your site. For this reason it is best to stick with WordPress plugins that have a large user base and come from more trusted sources.

Plugins are primarily developed by individual developers or very small teams with limited budget for testing. That means if you are an early adopter of a plugin you are the equivalent of a beta tester so it is wise to avoid being on the bleeding edge of adopting a new plugin version unless there is a security vulnerability in the old version that is actively being exploited in the wild. Otherwise you risk something going wrong with the plugin that could negatively impact the availability of your site. For this reason it is important to have a viable backup of your site prior to installing a new plugin or upgraded a currently installed one.

When you install a WordPress Plugin you are installing an application. That means you should careful consider whether you need and intend to use the plugin regularly. Each plugin installed required additional site administrative overhead in the form of applying upgrades to ensure you are running the latest version. For this reason it is important to only install plugins that will be activated on your site and plugins not active should be removed to eliminate a potential source of vulnerability.

0