LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

WordPress Blog: How to Keep WordPress Secure

[Posted September 6, 2009 by corbet]

Here's an entry on the WordPress Blog on keeping installations secure - a topic WordPress administrators should be especially concerned about at the moment. "Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."
(Log in to post comments)

WordPress Blog: How to Keep WordPress Secure

Posted Sep 6, 2009 18:28 UTC (Sun) by muwlgr (guest, #35359) [Link]

What could be simpler. Just ditch that PHP4, and you had done a lot for your security.

WordPress Blog: How to Keep WordPress Secure

Posted Sep 7, 2009 9:16 UTC (Mon) by SEJeff (subscriber, #51588) [Link]

Just spend a few hours and re-implement wordpress in django. Shouldn't be more than a weekend project for someone competent with it :)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds