
Posts tagged as “wordpress”

Drupal Hack & WordPress Users

It’s not a good day for Drupal users, with the security folks at the CMS platform telling all users to consider themselves compromised if they didn’t install a security patch within seven hours of its release on October 15th.

Fixing the infected sites will require a bit of work. Sites will need to be taken offline, and the current install of Drupal blown up and replaced with a backup from before October 15th. Any changes made to a site since that date will have to be redone. Site owners will also need to notify their hosting companies of the situation, since the Drupal exploit could also be used to hack into other sites on a host’s server. Hosts will not be happy to hear this.

Users of other CMS platforms can give a sigh of relief — after all, they’ve dodged a bullet — but they’d be well advised to pay attention; a similar scenario could play out on any platform at any time.

Brute Force Attacks on WordPress Sites Underway

At about 1 p.m. this afternoon the security company behind the WordFence plugin for WordPress issued a security advisory via email informing users of their plugin that WordPress sites are currently under a brute force attack.

“As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.

“A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

WordPress – Too Fast For Comfort

Something’s got to give with the WordPress cycle.

Just three months ago, back in September, WordPress issued version 3.6.1 of their content management and blogging platform. Last week they issued 3.8. In between there was 3.7 and 3.7.1, the latter release raising eyebrows when it included an automatic “minor point” upgrade feature that can’t be easily disabled.

That’s an average of one release per month, a burden for someone trying to keep sites safe from exploitation by the black hats. By quickening the pace of releases, WordPress may be inadvertently forcing webmasters into remaining with older versions, a potential security risk. Just as the enterprise balked at too much “release often” pressure from their vendors, folks who administer WordPress sites would be justified in complaining and pushing for a solution to this aspect of the WordPress development process.

Christine Hall


The Importance of Free Websites

On October 26th, ten-year-old Charlie Thompson went to a Halloween party at a friend’s house in rural New York state. The weather was reasonably mild, so much of the party took place outside. At some point the children began playing a game of hide and seek. Charlie and another boy found a wooden board that Charlie thought would be a perfect place to hide. He lifted the board and knelt on another board that was underneath.

The board on which he knelt was old and rotten. Unbeknownst to Charlie and his friend, it was also covering an old abandoned well. Under his weight it immediately broke, hitting him on the forehead and knocking him unconscious. He fell straight down into the well, which was eighteen feet deep. His friend immediately ran to get help.

Christine Hall


WordPress Becomes Big Brother & More…

FOSS Week in Review

Is Netflix coming soon to a Linux near you?

Saurav Modak at Muktware was observant enough to note last week that Netflix is now offering-up programming with a choice heretofore unavailable. For the time being they’re still pretty much married to Microsoft’s dead or dying Silverlight, but they’ve taken HTML5 on as a lover. This gives users of the popular movie outlet a choice that, at the very least, should make things easier for Linux users who insist on using the Netflix service:

“Although hackers have already made a workaround to stream Netflix videos in Linux machines, performance is generally low and video playback is not hassle free. Some workarounds include running the entire browser in Wine, or running a Silverlight plugin in Wine and make it compatible with the browser. But all of them come at a cost of performance. Switching to HTML5 from Silverlight will greatly reduce all these hassles, as all you will need is a latest standard compatible browser to stream movies and TV shows. This will also allow support for mobile devices and tablets which are adopting more HTML5 standards day by day.”

When a WordPress Update Goes Awry

I guess this is something of a cautionary tale.

The weekend before last we decided that it was time to update the WordPress installations on two of our five sites. Both sites had been using version 3.4.2 which was now a year old. Days earlier, WordPress had released 3.6.1, urging all users to update due to some serious security issues. Although it wasn’t clear that this affected the version we were using, we decided to go ahead and update. It was time.

That Friday night, in the wee hours of Saturday morning actually, I upgraded If This Be Treason, our less trafficked site. I began by checking all of the plugins to make sure they were good-to-go with WordPress’ latest and greatest and then updated all that had newer versions available. Except for one, all of the plugins used by that site indicated they worked with at least 3.6.0, which was good enough I figured, since 3.6.1 was only days old and was primarily a bugfix and security release, otherwise no different than the earlier point version.

Christine Hall


Five Essential WordPress Plugins

About two years ago I posted an article recommending some WordPress plugins. Well, times change and two years is a long time in the world of tech, so I thought it might be good for us to take another look. Some of the plugins I recommended then I’m still recommending now. I’ve replaced a few, for one reason or another, with different plugins that serve the same purpose. There are others that fill new shoes that didn’t need filling back then.

Christine Hall


WordPress Jetpack Plugin – An Overview

A couple of years back we ran a series of articles on plugins we considered useful for running websites on the free and open source WordPress platform. Times change. Some of those plugins we still use. Some are no longer being developed. Others, we’ve had problems with and replaced. Along the way, we found some other plugins that offer new features as well. Anyway, we thought it was time to update you–especially those of you who might be contemplating cranking-up your first WordPress site.

Christine Hall


Essential WordPress Security Plugins

A few weeks ago I told you about some security precautions to take when using the open source web platform WordPress to protect your site against brute force attacks. However, those precautions are just the beginning. A website administrator has to be forever vigilant to keep the bad guys away.

Luckily, there are many plugins available to help keep your WordPress site safe and secure. Today we’re going to discuss three security plugins that I think are essential.

Christine Hall


How To Put Your Shields Up To Protect Your WordPress Site

In case you haven’t heard, the popular open source website platform, WordPress, is under attack by black hat hackers. These attacks are being waged primarily against sites using the WordPress platform that are not being hosted on wordpress.com. According to KrebsOnSecurity, a small botnet is being used to break into the back door of WordPress sites in an apparent attempt to build a super botnet:

“According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.

“Incapsula co-founder Marc Gaffan told KrebsOnSecurity that infected sites will be seeded with a backdoor that lets the attackers control the site remotely (the backdoors persist regardless of whether the legitimate site owner subsequently changes his password). The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress.”

Christine Hall

