How Secure Is Your WordPress Blog?
Via a post on Mark’s website at Weblog Tools Collection
The Blog Security website is a useful resource for testing the security of your WordPress blog. The wp-scanner tool will look at your blog and give you useful information about your themes, your WP install and any security-related issues that you should address on your blog. It found just one on my blog which I have now fixed.
The scanner utility only works on self-hosted blogs, as you have to put a comment into one of your theme files to activate the scanner. This means that people using wordpress.com or any MU install of WordPress won’t be able to use it. This isn’t a huge problem for those bloggers as they should be worried about blogging, not the techie and security side of things anyway - that’s the admin’s job!
Don’t forget to take the comment out of the theme when you’re finished though! Leave it in and someone else could scan your blog, find its vulnerabilities and bugger it up.
A couple of things that I did notice while wandering around the Blog Security website though:
1. Guys, please please please make the wp-scanner tool easier to find! I had to click on a link in a post to find it!
2. I am not sure that it’s the best idea in the world to be publishing the list of vulnerabilities within the latest version of the application as you have done in this post. It’s just telling the bad guys exactly where to hack for their own nefarious purposes! Would it not be better to simply report these things straight to the WordPress Developers so that they can fix them? Sure, after it’s fixed, jump up and down and say “we reported this”, but don’t highlight the vulnerabilities for the whole world to see!

