October 31st, 2007 WordPress Security Candy

To make a short post (maybe) for today, I thought I should talk about WordPress security.

Now, I’m no guru or anything. I don’t know PHP or MySQL, and I haven’t been using WordPress for too long a time. Actually, only since the beginning of this month have I been using WordPress, and not to its full potential (home-brewed theme, anyone?).

So why am I talking about security if I don’t know crap?

Well, the little that I do know makes me a bit worried.

Did you know that you could access your Includes folder from any browser? It’s public.

Not to bash WordPress or its developers and community, because I’m practically in love with the script and everyone involved, but you would think the script could handle permissions like this automatically through the install. It’s such a popular and amazing script, I’m sure they could’ve handled this.

“Well, it’s not a big deal if people can access my Includes folder.”

No. It IS a BIG deal. Just imagine if your blog was popular enough, some scumbag hacker could wander in and screw you over. I’m not sure how exactly, but I’m definitely sure this isn’t safe practice.

Talk about a bad Trick, huh? (relating poorly to Halloween, blah)

So, if you’re on an Apache server and have access to .htaccess files, you can fix this problem right up. Here is where I was alerted to this little issue and where you can find the fix (this same article is linked through your WordPress Dashboard as well, for the lazy out there).
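
As an added example (not from this post or the article it links to), here is the kind of `.htaccess` rule set that closes this off on Apache. It assumes the file lives in the WordPress root, that the site is served from the web root (`RewriteBase /`), and that the "Includes folder" is `wp-includes`; it goes a step beyond the post by also refusing direct requests for include-only PHP files, following the pattern in WordPress's hardening guidance.

```apache
# Added example: .htaccess in the WordPress root directory (assumed location).
# Requires AllowOverride to permit Options and FileInfo for this directory.

# Before: with Indexes enabled and no index file present, Apache
# generates a browsable file listing for wp-includes/ and similar
# directories.
#   Options +Indexes

# After: never auto-generate directory listings. A request for a
# directory without an index file now returns 403 Forbidden.
Options -Indexes

# Refuse direct browser requests for PHP files that are only meant to
# be included by WordPress itself. Keep this block outside the
# "# BEGIN WordPress" / "# END WordPress" markers, because WordPress
# rewrites everything between those markers.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Admin-side include files are never requested directly.
RewriteRule ^wp-admin/includes/ - [F,L]
# If the request is not under wp-includes/, skip the next three rules.
RewriteRule !^wp-includes/ - [S=3]
# Top-level PHP files in wp-includes/ are libraries, not entry points.
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
```

After saving, request the `wp-includes/` URL in a browser: a 403 response instead of a file listing confirms the rules are being applied.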

Again, this is by no means me attacking WordPress or the people involved. This is just me expressing my “!” or surprise at something like this. It’s very surprising for me, honestly.


