Software by tag 'security'

WordPress XSS And What Can You Do About It

December 10th, 2009 in Wordpress

Just recently, WordPress released 2.8.6 with a critical security update that patches a cross-site scripting vulnerability found by Benjamin Flesch. That’s right, the same kid who discovered a way to patch your WordPress blog by exploiting a similar XSS vulnerability has found another.

Cross-site scripting

When I started working more with web application security, I was amazed at the number of web developers who are unaware of all the possible entry points the applications they develop have. Of these vulnerabilities, cross-site scripting (or XSS) still leads the pack according to WhiteHat Security.

A cross-site scripting attack takes place when an attacker injects a client-side script into a web page. This attack can be used to bypass access controls, steal cookies, and hijack an active session to steal sensitive information.


10 Essential WordPress Plugins For New WordPress Installation

October 4th, 2009 in Wordpress

WordPress has a lot of powerful plugins that add extra functionality to your blog. More than 6k plugins were available in the WordPress Plugin Directory when this article was written.

Different WordPress plugins serve their own purposes, and installing too many plugins will slow down your system and increase the loading time. So, how should we choose the necessary plugins for our blog? Most new WordPress users ask this question.

In this article, we will list 10 essential WordPress plugins for a new blog. These are common plugins that will help you secure your WordPress blog, fight spam, and increase your search engine ranking.

1. Akismet

Akismet is a powerful anti-spam plugin for WordPress. It comes with your WordPress installation, but you need to register at WordPress.com in order to get your unique API key and activate the plugin. Some WordPress users choose to review the spam, because Akismet sometimes incorrectly marks a legitimate comment as spam.

WordPress Anti Spam: 12 Great WordPress Plugins To Help You Fight Spam

September 10th, 2009 in Wordpress

Thousands of spammers flood your blog every day, and spam comments are a serious problem for all bloggers. Every day, we need to go through the comments and read them to make sure they are not spam. These spam comments waste not only our time but also Internet bandwidth.

Today, we are going to look at 12 great WordPress anti-spam plugins, which will save you time by blocking spam bots from commenting on your blog, preventing them from stealing email addresses from your articles, and helping you fight against these spam bots.

1. Akismet

Akismet is the most popular anti-spam plugin for WordPress. In order to use Akismet, you have to register an account at WordPress.com and get the API key. When a new comment comes to your blog, Akismet will check the comment through the web service to determine if it is spam. Suspected comments will be marked as spam and users can go through them later.

2. AVH First Defense Against Spam

This plugin takes a different approach to checking for spam. When visitors come to your blog, this plugin will first check their IPs to see whether they exist in the database served by stopforumspam.com, the Project Honey Pot or a local blacklist. This way, the spammer can be blocked before the content of your site is served.