Comments on: Techcrunch Says WordPress a Massive Security Risk http://www.allthingscahill.com/2008/06/techcrunch-says-wordpress-a-massive-security-risk/ The online home for Mark Cahill, and indeed, all things Cahill! Wed, 08 Feb 2012 18:48:04 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Mark Cahill http://www.allthingscahill.com/2008/06/techcrunch-says-wordpress-a-massive-security-risk/comment-page-1/#comment-505 Mark Cahill Wed, 18 Jun 2008 19:54:44 +0000 http://www.allthingscahill.com/?p=525#comment-505 I'm going to say at this point the article was a scurrilous attack on Automattic - seeing as the author did not respond to direct article comments asking for clarification. I ran a Developer Brown Bag on Wordpress Security with my team today and we went over many of the most recent security issues. Very interesting stuff - and most of the attacks would require either someone to release a package script (for the script kiddies) or a very serious knowledge of coding. The bottom line: 1. Stay up to date 2. Use only plugins in general release and keep them up to date. 3. Htaccess protect wp-admin 4. Use as few plugins as possible (Do you hear me, DC!) 5. Back up and always assume you could lose the stuff on the webserver at any point. 6. If you use other software, or code yourself, be sure every single form field is protected properly against SQL Injection Attacks. I’m going to say at this point the article was a scurrilous attack on Automattic – seeing as the author did not respond to direct article comments asking for clarification.

I ran a Developer Brown Bag on WordPress Security with my team today and we went over many of the most recent security issues. Very interesting stuff – and most of the attacks would require either someone to release a package script (for the script kiddies) or a very serious knowledge of coding.

The bottom line:

1. Stay up to date
2. Use only plugins in general release and keep them up to date.
3. Htaccess protect wp-admin
4. Use as few plugins as possible (Do you hear me, DC!)
5. Back up and always assume you could lose the stuff on the webserver at any point.
6. If you use other software, or code yourself, be sure every single form field is protected properly against SQL Injection Attacks.

]]> By: Esteban http://www.allthingscahill.com/2008/06/techcrunch-says-wordpress-a-massive-security-risk/comment-page-1/#comment-504 Esteban Wed, 18 Jun 2008 16:08:58 +0000 http://www.allthingscahill.com/?p=525#comment-504 In my own experience Automattic is extremely quick in fixing security holes. For instance they jumped from 2.5 to 2.5.1 in less than a month due to the security risks they found... In my own experience Automattic is extremely quick in fixing security holes. For instance they jumped from 2.5 to 2.5.1 in less than a month due to the security risks they found…

]]> By: Austin http://www.allthingscahill.com/2008/06/techcrunch-says-wordpress-a-massive-security-risk/comment-page-1/#comment-502 Austin Fri, 13 Jun 2008 17:05:12 +0000 http://www.allthingscahill.com/?p=525#comment-502 Not all the issues are over a year old, but <a href="http://pressedwords.com/techcrunch-on-wordpress-security/" rel="nofollow">as I discovered</a>, all the blogs he cites as attacked had been running outdated versions of WordPress for a while. Not all the issues are over a year old, but as I discovered, all the blogs he cites as attacked had been running outdated versions of WordPress for a while.

]]>