Archive for December, 2010

WordPress 3.0.4 Is Now Available

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Source: wordpress.org


Top 10 WordPress Security and Website Tips

When Office To-Go takes over WordPress website maintenance or a new project, we employ these security measures and recommendations.

1. Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear “above the fold.” Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve – screaming logos and headers!

2. Use STRONG passwords of 10 or more characters and DO NOT use “admin” for a username. Create a new user profile assigned to the administrator role, log back in with the new user profile and DELETE the admin file. It can’t be said strongly enough: use strong passwords for WordPress and any other site which requires passwords. Use an online password generator.

3. BACK UP your site regularly and keep a copy on your computer and in off-site storage. If you have a very active site, back up daily. You spend a lot of time and money on your website, don’t skip this! The one complete solution that does it all is BackupBuddy; no other plug-in backs up your files, widgets, plugins and database. Need to move your site to another host? This will do it in less than a few minutes!

4. Select your plugins wisely, too many will slow down your site. Badly coded plugins are a hacker’s back door into your website.

5. Install the WordPress Firewall Plugin. This plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.

6. Move your configuration file one level above the root directory of your server (if you’re running WP in the root directory of your site as opposed to a yourdomain.com/blog subfolder).

7. Do not use wp_ as a prefix for your databases. Most web hosting companies are eliminating that default now but if yours does not, change wp_ to anything else but that.

8. Install Secure WordPress plugin.

9. Install an anti-spam plugin such as WP-SpamFree.

10. Rewrite your .htaccess file to lock down your wp-admin directory by IP addresses. Add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:

# Save this as wp-admin/.htaccess (in the root .htaccess it would lock the whole site).
# The Auth* lines only declare an empty Basic-auth realm; the access control that
# matters is the deny/allow pair below (Apache 2.2 mod_authz_host syntax; on
# Apache 2.4 the equivalent is a single "Require ip xxx.xxx.xxx.xxx" line).
# Note that wp-admin/admin-ajax.php is also called by front-end features, so
# visitors outside the whitelist lose any plugin that depends on it.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist (list several separated by spaces, or use CIDR notation)
allow from xxx.xxx.xxx.xxx

Article Source:

http://EzineArticles.com/?expert=Cyndi_Papia
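Item 7 says to avoid the wp_ table prefix but not how to get off it on a site that already uses it. The script below is an added example (mine, not from the article or from WordPress) that generates the SQL for the change: the table renames, plus the rows in wp_options and wp_usermeta whose keys embed the prefix (wp_user_roles, wp_capabilities, wp_user_level, ...). A plain RENAME TABLE misses those rows, and without them every user loses their role and is locked out of wp-admin. The table and key lists are the ones a single-site WordPress 3.0 install creates; the x7q_ prefix is a constructed example. After running the statements, review the output of the two SELECTs for plugin keys that also carry the old prefix, then set $table_prefix in wp-config.php to match.

```python
"""Generate the SQL that moves an existing WordPress 3.0 install off the wp_ prefix.

Added example: the lists below are for a single-site install; multisite and
plugins add tables and keys of their own, which the closing SELECTs surface.
"""
import re

# Tables a single-site WordPress 3.0 install creates (constructed list).
CORE_TABLES = (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "terms", "term_relationships", "term_taxonomy", "usermeta", "users",
)

# Row values in core 3.0 whose key is built from $table_prefix.
OPTION_KEYS = ("user_roles",)
USERMETA_KEYS = ("capabilities", "user_level", "user-settings", "user-settings-time")

# Same character set the WordPress installer accepts for a prefix.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+$")


def prefix_change_sql(old, new, extra_tables=()):
    """Return the ordered SQL statements that move from prefix `old` to `new`.

    The trailing underscore is part of the prefix, exactly as in $table_prefix.
    Because prefixes are restricted to [A-Za-z0-9_], they can be embedded in
    identifiers and string literals without further escaping.
    """
    if not (PREFIX_RE.match(old) and PREFIX_RE.match(new)):
        raise ValueError("prefixes may contain only letters, digits and underscore")
    if old == new:
        raise ValueError("old and new prefix are identical")

    stmts = []
    for table in CORE_TABLES + tuple(extra_tables):
        stmts.append(f"RENAME TABLE `{old}{table}` TO `{new}{table}`;")

    # Rows whose key embeds the prefix: roles table and per-user capabilities.
    for key in OPTION_KEYS:
        stmts.append(
            f"UPDATE `{new}options` SET option_name = '{new}{key}' "
            f"WHERE option_name = '{old}{key}';"
        )
    for key in USERMETA_KEYS:
        stmts.append(
            f"UPDATE `{new}usermeta` SET meta_key = '{new}{key}' "
            f"WHERE meta_key = '{old}{key}';"
        )

    # Anything still carrying the old prefix (plugin keys) needs manual review.
    # Escape '_' so LIKE treats it literally rather than as a wildcard.
    pattern = old.replace("_", r"\_") + "%"
    stmts.append(f"SELECT option_name FROM `{new}options` WHERE option_name LIKE '{pattern}';")
    stmts.append(f"SELECT meta_key FROM `{new}usermeta` WHERE meta_key LIKE '{pattern}';")
    return stmts


if __name__ == "__main__":
    # Example run with constructed prefixes; pipe the output into the mysql client.
    for statement in prefix_change_sql("wp_", "x7q_"):
        print(statement)
    print("-- now set $table_prefix = 'x7q_'; in wp-config.php")
```

Run the generated statements inside a transaction, or at least after the backup from item 3, since a half-applied rename leaves the site unusable until it is completed or rolled back.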

WordPress 3.0.3

WordPress 3.0.3 is available and is a security update for all previous WordPress versions.

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

These issues only affect sites that have remote publishing enabled.

Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.

Download 3.0.3 or update automatically from the “Dashboard → Updates” screen in your site’s admin area.
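The announcement says to check “Settings → Writing”, which works for one site you administer. For a site you only see from the outside, or a list of sites, the setting can be read off xmlrpc.php itself. The script below is an added example (mine, not from wordpress.org): it sends a wp.getUsersBlogs call with deliberately invalid credentials and classifies the reply by the fault code WordPress 3.0.x returns from its XML-RPC login check, 405 when remote publishing is off and 403 when it is on but the credentials are wrong. The sample responses in the block are constructed to match that format for offline use; `probe()` does the live request. Later WordPress releases (3.5 and up) removed the setting and answer XML-RPC calls unconditionally, so on those the script simply reports “enabled”. Use it only against sites you are responsible for.

```python
"""Check whether a WordPress 3.0.x site has remote publishing (XML-RPC) enabled.

Added example. Fault codes are those of WordPress 3.0.x wp_xmlrpc_server::login():
405 "XML-RPC services are disabled on this blog." and 403 "Bad login/pass combination."
"""
import urllib.error
import urllib.request
import xmlrpc.client

FAULT_DISABLED = 405
FAULT_BAD_LOGIN = 403


def build_probe():
    """Request body: wp.getUsersBlogs with invalid credentials.

    The method requires a login, so the server's answer reveals the setting
    without needing a real account on the site.
    """
    return xmlrpc.client.dumps(("probe", "not-a-real-password"), "wp.getUsersBlogs")


def classify_response(body):
    """Map a raw XML-RPC response body to 'disabled', 'enabled' or 'unknown'."""
    try:
        xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        if fault.faultCode == FAULT_DISABLED:
            return "disabled"
        if fault.faultCode == FAULT_BAD_LOGIN:
            return "enabled"      # the password was checked, so the endpoint is live
        return "unknown"          # some other fault; inspect fault.faultString by hand
    except Exception:
        return "unknown"          # not XML-RPC at all: 404 page, WAF block, HTML error
    return "enabled"              # no fault: the credentials were accepted


def probe(site_url):
    """Live check against a site (network access; not exercised offline)."""
    request = urllib.request.Request(
        site_url.rstrip("/") + "/xmlrpc.php",
        data=build_probe().encode(),
        headers={"Content-Type": "text/xml"},
    )
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            return classify_response(response.read())
    except urllib.error.HTTPError as error:
        return classify_response(error.read())


# Constructed sample responses in the shape WordPress 3.0.x produces.
DISABLED_SAMPLE = """<?xml version="1.0"?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>405</int></value></member>
<member><name>faultString</name><value><string>XML-RPC services are disabled on this blog.</string></value></member>
</struct></value></fault></methodResponse>"""

BAD_LOGIN_SAMPLE = """<?xml version="1.0"?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>403</int></value></member>
<member><name>faultString</name><value><string>Bad login/pass combination.</string></value></member>
</struct></value></fault></methodResponse>"""

ACCEPTED_SAMPLE = """<?xml version="1.0"?>
<methodResponse><params><param><value><array><data></data></array></value></param></params></methodResponse>"""


if __name__ == "__main__":
    for name, sample in (("disabled", DISABLED_SAMPLE), ("bad login", BAD_LOGIN_SAMPLE),
                         ("accepted", ACCEPTED_SAMPLE)):
        print(f"{name:>9}: {classify_response(sample)}")
```

A “disabled” result on a 3.0.x site means the issues fixed in 3.0.3 cannot be reached over the remote publishing interface at all; “enabled” means updating is the only fix, because Author and Contributor accounts are exactly what the announcement says could be abused.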

WordPress 3.0.2 – Mandatory Security Release

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

Source: wordpress.org
