Tony Perez over at Sucuri shared yesterday a significant vulnerability affecting some of the most widely used WordPress plugins, which also happen to be the top caching plugins: if you are a fan and user of WP Super Cache or W3 Total Cache, this update is for you! There is an RCE (Remote Code Execution) vulnerability in these plugins that allows an attacker to execute commands directly on the blog. First discovered by kisscsaby in the WordPress forums, it has been quickly dealt with by the plugin authors, but that doesn’t mean you have updated yet! A few other blogs have also […]
It Must Be Good to Be in the Security Industry
I was passing a few conversations back and forth with my team this past week about the growth of WordPress in light of the challenges of security and the ever-increasing target painted on the back of our collective ecosystem, and it hit me that the WordPress security industry might just be one of the best points of entry if you’re looking to build a business in a growing niche market. Makes sense, right? With the recent global scare related to the super botnet that we’ve all talked about (and the tons of blog posts about it), it is no surprise that I’m seeing more […]
Sucuri Spots Bad Plugin, Stirs the Security Pot Again
At this point you’ve probably already read the news, brought to the attention of many of us via Sucuri, who found a huge gaping hole in a very popular WordPress plugin (over 900,000 downloads) that was being leveraged for ill-gotten gain, injecting spam into sites that ran it: “If you are using the Social Media Widget plugin (social-media-widget), make sure to remove it immediately from your website. We discovered it is being used to inject spam into websites and it has also been removed from the WordPress Plugin repository.” But the rub was that it wasn’t an “invasion” of […]
Common Plugin Questions: Amount, Speed, Security
I get pinged at least once a week, if not a few times a week, about plugins: which ones people should use and download, and how many a blog or WordPress website should have. Ultimately, there isn’t any exact science to these questions, but there are some general principles that seem to be agreed upon by those who work with WordPress professionally. I wanted to post this here simply so I can direct people to it and have their questions answered succinctly, especially around performance and security. The question is usually asked like this:
VaultPress: Unique Keys, Salts, and Security
The guys over at VaultPress have been busy with two recent updates that you may want to take note of, the first being that the system now alerts you to missing unique keys and salt strings in your wp-config.php file. For the uninitiated, your unique keys and salts are specifically built to help increase the security of your site installation. What they do, essentially, is help encrypt the information stored in your visitors’ cookies. You can use an auto-generator to create these if you self-host your blog, although a set should be auto-generated for you on […]