Recently a 0-day vulnerability was posted for WordPress which allows users with edit post capabilities to issue SQL injection attacks against the WordPress site. Depending on the type of site that you run, this isn’t a huge deal unless you allow any users that sign up to edit and publish articles on the WordPress site. One of the things that could help in this type of scenario is knowing who logs in and when, as well as knowing whether there are failed logins, which could help indicate malicious activity. Below is information on a plugin that can accomplish both of these goals.
We have a site that does automated tasks using GPU processing; however, at times we use the GPU processing for other tasks, which requires us to disable access to the public. The easiest way to do this is to install a WordPress maintenance mode type plugin that will allow you to easily disable access to the public without requiring much work. Having a site in maintenance mode is also beneficial during major site changes, as it may prevent a bad customer experience when visiting your WP site. Below are instructions on installing the WP Maintenance Mode plugin as well as information on putting your site in maintenance mode and bringing it out of maintenance mode.
I knew that one of my client's web sites was running an older version of WordPress. When I upgrade WordPress I like to know exactly what version is running so I can use something like WinMerge to compare every single file in the WordPress installation to verify specifically what is going to be upgraded. This is useful because if you run into any problems, you can attempt to roll back only specific files to see if that resolves the WordPress upgrade issue.
I recently reinstalled CentOS on a server for a client and then proceeded to install their WordPress web site on the fresh install of CentOS Linux. After working through various minor issues, the WP site was up and functioning without issue, but after a week or so they contacted me to let me know that they could no longer view items in their FAQ system via the WordPress administration site. The FAQ system is a WordPress plugin called FAQ Builder and is a great little system for frequently asked questions. Below I describe the error received when attempting to access the FAQ Builder admin and what I did to resolve the issue.
I recently launched my first WordPress web site and had a friend tell me that an important security precaution was to change the table prefix of your WordPress database. The default prefix for the tables is “wp_”, which can make it extremely easy for an attacker to run SQL injection commands through flaws that they may find in WordPress. If we can change the name of a table, an attacker will have to figure out that information as well, thereby adding one more layer of security to our site. I was getting ready to change all the wp_ prefixes manually when I discovered a plugin called WP Security Scan which claimed to automate the process.