Have you ever forgotten your password and tried to login multiple times to your bank account. After 3 failed attempts a message comes like “Your exceeded your login attempts. Please try later or contact our account reps” Brute Force Attacks or multiple failed login attempts are sometimes used by malicious users to gain access to [...]

• 0 Comments

Secunia reported Popular Wordspew plugin to have an input vulnerability which can be exploited to inject SQL commands to your wordpress installation. User supplied input to the parameter “id” could be exploited by malicious users to inject SQL. Here is how a visitor to your site can inject SQL through the plugin: From the URL [...]

• 0 Comments

WordPress users, please note WordPress has a new urgent release update. If you allow registration to you WordPress site, then I would recommend you to download and replace xmlrpc.php. WordPress 2.3.3 has other minor bug fixes as well, but if you are just looking for the security fix, then downloading xmlrpc.php should be good enough. [...]

• 0 Comments

Each wordpress version has it’s known vulnerabilities. It’s a good practice to show as little info about your site installation as possible. You don’t want to make your site an easy target. right? Well, ideally you should always upgrade to the latest version, but to be honest a lot of us put this at the [...]

• 9 Comments

Fantastico is a great tool for installing software by the click of a button. All affordable web hosting providers promote it for quick and easy site building. It is ironically, that I have to caution you from using it even though I offer affordable web hosting. It is great to build sites and experiment with, [...]

• 0 Comments

Google is now displaying a warning in the search results about any site they know to be malicious. Unfortunately, this can never be an ending task, however we need to be vigilant about it. To enter a malisious site or learn more about it click here. To spead up the process, ghettowebmaster.com created a button [...]

• 0 Comments

Mark Ghosh wrote on Web blog tools collection. Warning about sites offering free theme downloads, that alter the footer by adding links that the original authors did not include in the footer. He pointed out at BlogsTheme.com, and TemplatesBrowser.com doing this practice. I have seen a lot of internet marketers promoting blogging even alter blogs [...]

• 2 Comments

WordPress is now very popular due to it’s ease of use, and the increasing number of themes and plugins freely available for download by the user community. I knew that allowing comments, or visitors to upload photos can present additional risks to your wordpress site. Yesterday, I read a post by Alistair Croll that presented [...]

• 4 Comments

If your table prefix is “wp_” or “wp1_” or even “wordpress_”, then changing it will bring your WordPress site security to a higher level. By default Fantastico installation sets “wp_” as a prefix for each WordPress table name. Since this is a known vulnerability, malicious users can exploit your data easily. They specifically look for [...]

• 94 Comments

I found it the hard way, that some customer site were attacked by “SQL Injection”. This left me feeling disheartened, depressed, and extremly disappointed by what happened. I went ahead and setup lately a test WordPress site with the default installation from fantastico and sure enough the site was hacked. Unfortunately, a default install of [...]

• 12 Comments