WordPress Hardening - SANS Internet Storm Center

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

WordPress Hardening
Today one of our readers sent an interesting post from the developers of WordPress. It is about a just released version 2.8.5. This version is called as the "Hardening Release", which I thought was quite great! According the post, these were new security features from the new 2.9 series that they decided to backport to the 2.8.x tree. Among the new features/fix you can see: "A fix for the Trackback Denial-of-Service attack that is currently being seen. Removal of areas within the code where php code in variables was evaluated. Switched the file upload functionality to be whitelisted for all users including Admins. Retiring of the two importers of Tag data from old plugins." Why does this news deserve a diary? For two reasons: 1) Wordpress is one of the most popular "publishing plataform" (blogs,etc...) and free... 2) In 2008 there were 23 vulnerabilities for it and in 2009 there are 12 vulnerabilities found so far... So, this effort from the developers really deserves our attention and kudos... --------------------------------------------------------------------------------------------------------------------------- Pedro Bueno (pbueno /%%/ isc. sans. org) Twitter: http://twitter.com/besecure	Pedro 155 Posts ISC Handler Oct 21st 2009
Thread locked Subscribe	Oct 21st 2009 1 decade ago