How to Keep WordPress Secure
A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later. Right now there is a worm making its way around old, unpatched versions of WordPress. [...]
Posted by Matt Date: Saturday, September 5, 2009
Categories: Ferret News, Security
Tags: advice, Club, google, Hide, Mark Pilgrim, open heart surgery, page attempts, security bug, stitch, stitch in time, stitch in time saves nine, time, true advice, version, WordPress, work, worm
WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...]
Posted by Matt Date: Tuesday, August 11, 2009
Categories: Ferret News, Security
Tags: password, password reset, remote access, reset, Security, security check, URL, user, vulnerability, Yesterday
The WordPress 2.0.x Legacy Branch is Deprecated
The WordPress team had initially committed to maintaining the WordPress 2.0.x legacy branch until 2010. Unfortunately, we bit off more than we could chew—the 2.0.x branch is now retired and deprecated, a few months shy of 2010. Many of the security improvements to the new versions of WordPress in the last couple of years were complete [...]
Posted by Mark Jaquith Date: Wednesday, July 29, 2009
Categories: Ferret News, Security
Tags: branch, bugs, latest security, legacy, older versions, Porting, scope, Security, security enhancements, security improvements, task, team, testament, WordPress, x branch
