WordPress

WordPress 2.9 to get a basic Image Editor

WordPress 2.9 Image Editor

It seems WordPress is now ready for a basic image editor. This new feature will be built into WordPress 2.9 and won’t require a plug-in. It’s certain: as you can see from the screenshots, you’ll be able to resize and rotate images, crop and scale them, and so on. I certainly don’t expect layers; that’s just too bulky for WordPress. :-)

Posted in Blog World, Open-Source, Web Utilities, WordPress | Comments Off on WordPress 2.9 to get a basic Image Editor

Upgrade to Keep WordPress Secure


Here is Matt Mullenweg, the guy behind WordPress. He is here to explain to all how to keep WordPress secure.

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.


Posted in Open-Source, Security, WordPress | 1 Comment »

WordPress Security Threat: Old Versions Under Attack


There are reports that older versions of WordPress (now at version 2.8.4) are exposed to security threats.

Two clues, provided by the Lorelle on WordPress blog, that your out-of-date WordPress blog is under attack:
1) Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ The keywords are “eval” and “base64_decode.”

Posted in Open-Source, Security, WordPress | 3 Comments »
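
One way to check a web server access log for the permalink clue described above, as an added example that is not code from the original post, from Lorelle or from WordPress. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/nginx "combined" log format; the referer field is optional.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+(?: "(?P<referer>[^"]*)")?')
# The two keywords the post names, matched as PHP calls rather than bare words.
KEYWORDS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
}

def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded paths are normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def find_permalink_indicators(log_lines):
    """Return one dict per request whose decoded path contains a keyword."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path = fully_unquote(m.group("path"))
        matched = sorted(k for k, rx in KEYWORDS.items() if rx.search(path))
        if matched:
            hits.append({"ip": m.group("ip"), "path": path, "keywords": matched,
                         "referer": m.group("referer") or ""})
    return hits

# Constructed sample lines: documentation IPs, made-up timestamps and sizes.
SAMPLE_LOG = [
    '198.51.100.23 - - [05/Sep/2009:10:12:01 +0000] "GET /category/post-title/'
    '%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ '
    'HTTP/1.1" 200 5120 "CONSTRUCTED-REFERER-VALUE"',
    '203.0.113.7 - - [05/Sep/2009:10:13:44 +0000] "GET /category/post-title/'
    '%257Beval(base64_decode(x))%257D/ HTTP/1.1" 404 312 "-"',
    '192.0.2.10 - - [05/Sep/2009:10:14:02 +0000] "GET /2009/09/'
    'performance-evaluation/ HTTP/1.1" 200 8300 "-"',
]

if __name__ == "__main__":
    print(*find_permalink_indicators(SAMPLE_LOG), sep="\n")
```

The referer field is returned with each hit because the permalink on this page reads its input from HTTP_REFERER, so that field is worth reviewing alongside the path.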

WordPress 2.8.4 Security Release Available


WordPress 2.8.4 is an important update given that it fixes a security bug. The bug can be exploited by hackers this way:

a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.

It is advisable to change your WordPress admin username from the default “Admin” to something else. That can be done only in the MySQL database. That doesn’t solve all of the problems, but it renders your WordPress admin account less vulnerable.

[Download WordPress 2.8.4]

Posted in Open-Source, WordPress | 1 Comment »

An Unexpected WordPress 2.8.2 Security Patch


An unexpected upgrade of the WordPress blogging platform has been released. WordPress 2.8.1 was released roughly two weeks ago, and nobody expected WordPress 2.8.2 to come out so soon.

The upgrade or security patch fixes an XSS vulnerability. The upgrade note says the vulnerability could be exploited this way:

“Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site”

You are strongly advised to upgrade as soon as possible. You can do so by downloading the WordPress 2.8.2 package and uploading it to your server via an FTP client, or from the Tools -> Upgrade page of your blog’s admin.

Download WordPress 2.8.2

Posted in Open-Source, Security, WordPress | 1 Comment »
