
SANS ISC: WordPress Hardening - SANS Internet Storm Center

WordPress Hardening


Today one of our readers sent us an interesting post from the developers of WordPress. It concerns the just-released version 2.8.5.

This version is called the "Hardening Release", which I thought was quite great! According to the post, these are new security features from the upcoming 2.9 series that the developers decided to backport to the 2.8.x tree.

Among the new features and fixes you can see:

  • "A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins."

Why does this news deserve a diary? For two reasons:

1) WordPress is one of the most popular "publishing platforms" (blogs, etc.) and it is free...

2) In 2008 there were 23 vulnerabilities reported for it, and in 2009 there have been 12 vulnerabilities found so far...

So, this effort from the developers really deserves our attention and kudos...


Pedro Bueno (pbueno /%%/ isc. sans. org)



ISC Handler
Oct 21st 2009
