One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild, and using wpscan is an excellent way to begin an audit on a WP site. There are a couple of things that wpscan does that are really amazing, such as enumerating logins from WordPress sites and enumerating WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress web site analysis.
I have been using the Amazon Machine Tags WordPress plugin on numerous sites for a long time and have been happy with the results up until the last couple of months. I believe that Amazon has made some changes to their API over the last year or so and it has caused a lot of issues with the Amazon Machine Tags plugin. I even wrote this article in mid-February discussing a workaround that would allow the Amazon Machine Tags plugin to continue working until the developer was able to make some changes. Since that time I have been monitoring my posts to see if the Amazon products are always displaying, and unfortunately, even with the fix mentioned in the February article, items were still not displaying at all times. Below I noted an alternative that provides solid functionality.
One of the biggest problems when conducting penetration tests and vulnerability assessments is the organization of all the information obtained on the test. I used to use a program called Leo to organize my information because it had a tree-like interface and you were able to create a well mapped out report of all your information. A new tool was released last year which has expanded on this same method and added some other very cool features. Dradis is an open source framework to enable effective information sharing during penetration testing exercises. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead. Dradis is thus an ideal tool to help in the process of security assessments.
I needed to add an embedded audio player into a WordPress site for a project I was working on so I started looking at various plugins. The most popular embedded audio player is a WordPress plugin called “Audio Player” which provides you with the ability to easily upload audio files to your WordPress admin site and have the audio files display and play in an embedded audio player on the front end of the WordPress site. Below I describe in more detail how to install the plugin and how to add audio files to your site after the plugin is installed.
I ran into an issue earlier where adding a subproject to an already existing Redmine project produced an error, and after a little bit of troubleshooting I determined that upgrading Redmine would resolve the issue. During the upgrade process I ran into some other issues, including a specific migration error using rake that is noted below. The upgrade process involved upgrading Redmine 0.8.3 to Redmine 0.9.3.