Comments on: Check Your WordPress Security

By: The Plaid Cow

The Plaid Cow — Wed, 23 Apr 2008 12:37:29 +0000

Your defense is only as strong as the weakest link? How well protected is the entry point for the files which will be updated automatically? Against an insider?

By: Jamie Thingelstad

Jamie Thingelstad — Mon, 14 Apr 2008 19:57:27 +0000

The thought of posts being modified is scary! Anyone thinking of a PGP signing capability to lock down posts? Would be really nice to have that level of protection.

By: Peter Hosey

Peter Hosey — Mon, 14 Apr 2008 19:38:03 +0000

Incidentally, the injection that I had happened with WordPress 2.3.3—which, at the time, was the latest version. Staying up-to-date didn’t help me there.

That’s not to say that it’s a bad idea; just that it’s not foolproof. A real security solution involves multiple defenses: up-to-date code, a strong password (both on your blog and on your hosting account), etc.