Comments on: WordPress 3.0 Thelonious Security Features http://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/ Securing WordPress tips, harden server vulnerabilities, WordPress Security Services, teleseminars, and how to secure WordPress from malicious hackers. Sat, 04 Feb 2012 08:38:41 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Wordpress blogging platform hits 3.0http://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-4005 Wordpress blogging platform hits 3.0 Mon, 07 Mar 2011 18:10:20 +0000 http://www.wpsecuritylock.com/?p=2849#comment-4005 [...] one of a number which focusses on reports of security weaknesses or exploits against WordPress, has examined the claims made for 3.0 – of which the most notable immediately is that you don’t have to have an admin called [...] [...] one of a number which focusses on reports of security weaknesses or exploits against WordPress, has examined the claims made for 3.0 – of which the most notable immediately is that you don’t have to have an admin called [...]

]]> By: Robhttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1996 Rob Tue, 23 Nov 2010 11:35:39 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1996 I am planning a WP Blog based on WP 3.0 but have been told that I will have nightmares getting it to work properly with SSL certificates. Is there a good, idiot level article on configuring and asjusting WP 3.0 to work with SSL without generating errors or irritating visitors with constant pop-ups asking them if they want to upload insecure content as well as secure? I do NOT want to rely on plug-ins to get good SSL integration. I have tried this before with earlier WP versions and it is just to fussy and prone to issues. It would be great if WP could take all of these issues and build them into SSL integration controls on the Dashboard in future releases. Thanks. I am planning a WP Blog based on WP 3.0 but have been told that I will have nightmares getting it to work properly with SSL certificates. Is there a good, idiot level article on configuring and asjusting WP 3.0 to work with SSL without generating errors or irritating visitors with constant pop-ups asking them if they want to upload insecure content as well as secure? I do NOT want to rely on plug-ins to get good SSL integration. I have tried this before with earlier WP versions and it is just to fussy and prone to issues. It would be great if WP could take all of these issues and build them into SSL integration controls on the Dashboard in future releases. Thanks.

]]> By: Joan Stewarthttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1614 Joan Stewart Mon, 20 Sep 2010 15:04:03 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1614 Thank you for this interesting write up, I have been pondering upgrade and this has motivated me to doing it sooner than later. Every bit of security helps the online real estate. Thank you for this interesting write up, I have been pondering upgrade and this has motivated me to doing it sooner than later. Every bit of security helps the online real estate.

]]> By: 3 Tips To Keep Your WordPress Website or Blog Secure | A Virtual Blessinghttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1423 3 Tips To Keep Your WordPress Website or Blog Secure | A Virtual Blessing Thu, 15 Jul 2010 12:37:56 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1423 [...] update your WordPress blog or website with the current version. The current  version is WordPress 3.0. WordPress recommends that you check requirements, back-up your database and [...] [...] update your WordPress blog or website with the current version. The current  version is WordPress 3.0. WordPress recommends that you check requirements, back-up your database and [...]

]]> By: nomalabhttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1404 nomalab Wed, 23 Jun 2010 00:25:57 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1404 Or contact your host and ask them to chown those directories to www-data, nobody or what ever user the web server is being run as. Good hosts do this for free and within 10 minutes. Or contact your host and ask them to chown those directories to www-data, nobody or what ever user the web server is being run as. Good hosts do this for free and within 10 minutes.

]]> By: Eyal Estrinhttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1397 Eyal Estrin Sun, 20 Jun 2010 02:08:35 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1397 1. My article is trying to show the most secure configuration and keep best practices for configuring WordPress - I gave an easy instructions for using SSH keys, so everyone could perform, even if they are not familiar with the process2. According to the article http://www.viper007bond.com/2009/05/07/wordpress-how-to-force-direct-filewrites-for-upgrades - "The permissions need to be 0777 (or similar) so that you can still modify the files/folders if need be".3. According to the article http://codex.wordpress.org/Changing_File_Permissions - "Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/ and maybe /wp-content/uploads/".4. According to the article http://wordpress.org/support/topic/283232 - permission 777 is required for the /wp-content/upgrade in-order to complete an upgrade between WordPress versions (even if only on temporary basis).5. The plug-in "WordPress Database Backup" (http://austinmatzko.com/wordpress-plugins/wp-db-backup), will not work without setting permission 777 on the folder /wp-content/backup-ed602 1. My article is trying to show the most secure configuration and keep best practices for configuring WordPress - I gave an easy instructions for using SSH keys, so everyone could perform, even if they are not familiar with the process

2. According to the article http://www.viper007bond.com/2009/05/07/wordpress-how-to-force-direct-filewrites-for-upgrades - "The permissions need to be 0777 (or similar) so that you can still modify the files/folders if need be".

3. According to the article http://codex.wordpress.org/Changing_File_Permissions - "Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/ and maybe /wp-content/uploads/".

4. According to the article http://wordpress.org/support/topic/283232 - permission 777 is required for the /wp-content/upgrade in-order to complete an upgrade between WordPress versions (even if only on temporary basis).

5. The plug-in "WordPress Database Backup" (http://austinmatzko.com/wordpress-plugins/wp-db-backup), will not work without setting permission 777 on the folder /wp-content/backup-ed602

]]> By: John Hoffhttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1396 John Hoff Sat, 19 Jun 2010 19:23:31 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1396 Hi Regina,I of course have been in head deep security-wise as far as WP 3.0 goes and the only main security enhancements I've seen thus far are 3 things:1. Automatic generation of security keys 2. Ability to create your own customer username 3. Ability to change your default database prefixHave you noticed any other security enhancements on the end-user side of things? Hi Regina,

I of course have been in head deep security-wise as far as WP 3.0 goes and the only main security enhancements I've seen thus far are 3 things:

1. Automatic generation of security keys
2. Ability to create your own customer username
3. Ability to change your default database prefix

Have you noticed any other security enhancements on the end-user side of things?

]]> By: Harriman Real Estatehttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1394 Harriman Real Estate Fri, 18 Jun 2010 17:58:52 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1394 Alex, what are the specific plug-ins that you have seen issues with in WP 3.0? Any common ones that everyone uses? Thanks! Alex, what are the specific plug-ins that you have seen issues with in WP 3.0? Any common ones that everyone uses? Thanks!

]]> By: Regina Smolahttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1393 Regina Smola Fri, 18 Jun 2010 17:22:06 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1393 Thanks Justin. Yes, I'm thrilled about that part! You would not believe how many websites we work on that have the username "admin" and the password "password." I am hoping that people will learn to use something other than "admin" out of the gate now. Thanks Justin. Yes, I'm thrilled about that part! You would not believe how many websites we work on that have the username "admin" and the password "password." I am hoping that people will learn to use something other than "admin" out of the gate now.

]]> By: Regina Smolahttp://www.wpsecuritylock.com/wordpress-3-0-thelonious-security-features/comment-page-1/#comment-1392 Regina Smola Fri, 18 Jun 2010 17:19:48 +0000 http://www.wpsecuritylock.com/?p=2849#comment-1392 Hi Petrus4,Thanks for letting us know there is an issue with the WP Events Calendar plugin. Luckily, I'm not using that one.I have seen that "white screen of death" too many times and have learned that 99.9% of the time it's a plugin conflict. Glad to hear you knew to change the plugin directory name and enabled one by one to find the culprit. Hi Petrus4,

Thanks for letting us know there is an issue with the WP Events Calendar plugin. Luckily, I'm not using that one.

I have seen that "white screen of death" too many times and have learned that 99.9% of the time it's a plugin conflict. Glad to hear you knew to change the plugin directory name and enabled one by one to find the culprit.

]]>