Tag: security

  • Simple explanation of the HeartBleed Bug!

    Here is a simple illustrated explanation from XKCD.

     

  • WordPress 3.5.1 now live – release features – all WordPress hosted sites updated

    WordPress 3.5.1 is now live and running wild on the interwebs. WordPress 3.5.1 is the first release after the major WordPress 3.5 and fixes a whopping 37 bugs and also addresses numerous security issues.  A lot of bugs in the Media Library, WYSIWYG Editor, themes issues and general defects have been fixed.

    Here are a list of fixed bugs:

    • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
    • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
    • Networks: Suggest proper rewrite rules when creating a new network.
    • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
    • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
    • Suppress some warnings that could occur when a plugin misused the database or user APIs.

    WordPress 3.5.1 also addresses the following security issues:

    • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
    • Two instances of cross-site scripting via shortcodes and post content.
    • A cross-site scripting vulnerability in the external library Plupload.

    Since it fixes these security issues, we highly recommend upgrading to WordPress 3.5.1 as soon as possible. If you are hosting your WordPress website with NetON – then your site will be automatically upgraded in the next couple of days.

    Learn more about WordPress 3.5
    View a quick video of our WordPress websites