Vulnerabilities in WordPress Content Management System Could Allow for Information Di

John Connor

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Update WordPress CMS to the latest version after appropriate testing.
  • Run all software as a non-privileged user to diminish effects of a successful attack.
  • Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress.
  • Confirm that the operating system and all other applications on the system running this CMS are updated with the most recent patches.
https://msisac.cisecurity.org/advisories/2016/2016-023.cfm


There are more damn exploits for Wordpress.
 

mikeymikec

There are more damn exploits for Wordpress.

There are "more damn exploits" for every piece of software that does anything even vaguely associated with the Internet. This is business as usual.

If vulnerabilities aren't being found in such software I'd assume that they're not looking hard enough (and/or that a given piece of software is obsolete).
 

John Connor

No. I run two CMSs: phpBB and Wordpress. There are by and large more vulnerabilities with WP than phpBB. Really. You have to harden WP with a slew of plugins and even then make sure you update all the time.

If anyone is running Wordpress it would be wise to add this to your .htaccess file.


Code:
# Rules to disable XML-RPC
<Files xmlrpc.php>
    Order allow,deny
    Deny from all
</Files>

There are many others. Wordpress codex has more info. http://codex.wordpress.org/Hardening_WordPress
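
To check that a site's .htaccess actually carries a rule like the one posted above, here is an added example (not part of any post in this thread) that scans .htaccess text for an active section covering xmlrpc.php. It reports whether the rule uses the Apache 2.2 form (`Deny from all`, which on Apache 2.4 needs mod_access_compat) or the 2.4 form (`Require all denied`). The function name and the sample files are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample .htaccess contents (illustrative, not from a real site).
LEGACY = """\
# Rules to disable XML-RPC
<Files xmlrpc.php>
    Order allow,deny
    Deny from all
</Files>
"""
MODERN = """\
<FilesMatch "^xmlrpc\\.php$">
    Require all denied
</FilesMatch>
"""
COMMENTED_OUT = """\
#<Files xmlrpc.php>
#    Deny from all
#</Files>
"""

SECTION = re.compile(
    r'<(Files|FilesMatch)\s+"?([^">]+?)"?\s*>(.*?)</\1>', re.I | re.S)


def xmlrpc_deny_syntax(htaccess: str) -> set:
    """Hypothetical helper: syntaxes ('2.2', '2.4') that deny xmlrpc.php."""
    # Drop comment lines so a disabled rule is not counted as active.
    active = "\n".join(line for line in htaccess.splitlines()
                       if not line.lstrip().startswith("#"))
    found = set()
    for kind, target, body in SECTION.findall(active):
        if kind.lower() == "files":  # <Files> takes a filename or wildcard
            covers = fnmatch.fnmatchcase("xmlrpc.php", target)
        else:  # <FilesMatch> takes a regular expression
            covers = re.search(target, "xmlrpc.php") is not None
        if not covers:
            continue
        if re.search(r"^\s*Deny\s+from\s+all\s*$", body, re.I | re.M):
            found.add("2.2")
        if re.search(r"^\s*Require\s+all\s+denied\s*$", body, re.I | re.M):
            found.add("2.4")
    return found
```

An empty result means no active rule covers xmlrpc.php; a result of only `2.2` on an Apache 2.4 host is worth checking against the loaded modules.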