
If you are running WordPress blog software (and it has not been upgraded to the latest version), you might have been a target for hackers who are looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic redirection and other bad purposes.
Most of the attacks use SQL injection and cross-site scripting (XSS), which work because the software does not filter user input properly. Some of the attacks use bots that can automatically create hundreds of spam pages on your blog, place a backdoor (so the hacker can come back at a later time) or steal users’ passwords.
Hackers take advantage of the open-source nature of the software to read and analyze the source code of the specific software they want to attack and test it for potential vulnerabilities. The developers and users then have to detect, track down and shut down the vulnerabilities in the code that those attackers are using.
The pattern seems to be the same: when a new hole is found, it’s broadly exploited, then developers rush out a patch and/or a new release. Most of the damage inflicted by the automated exploits can be reversed with an upgrade, but in some cases you can be left with thousands of spam pages and images to clean up (and they are usually well hidden). If the attacked software is very popular (and that attracts hackers too), like WordPress, then thousands of installs can be compromised.
Chances are that a blog owner realizes only late that his blog was hacked. That is why it is important to keep up with the latest upgrades and security patches from WordPress.com and to keep an eye on your blog: monitor the statistics and the blog usage, make frequent backups and follow security blogs for news about any security holes; one of them is BlogSecurity.net.
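One way to keep an eye on a blog for the hidden spam pages and backdoors described above is to record a hash of every file while the install is known to be clean and compare against that record later. The script below is an added example, not part of the original article; the function names and the demo tree are assumptions, and it relies on `sha256sum` from GNU coreutils.

```shell
#!/bin/sh
# Added example: baseline a WordPress tree, then report files that appeared,
# changed or vanished. Keep the manifest outside the web root so that someone
# who can write to the site cannot rewrite it as well.

wp_baseline() {  # wp_baseline <wordpress_dir> <manifest_file>
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2) > "$2"
}

wp_changes() {   # wp_changes <wordpress_dir> <manifest_file>
    wp_now=$(mktemp) || return 1
    wp_baseline "$1" "$wp_now"
    # sha256sum prints a 64-character hash, two separator characters, then the
    # path, so the path starts at column 67 even when it contains spaces.
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        !(path in old)      { print "ADDED    " path }
        (path in old) && old[path] != hash { print "MODIFIED " path }
        { seen[path] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$2" "$wp_now" | sort
    rm -f "$wp_now"
}

# Constructed demo tree (not a real WordPress install).
site=$(mktemp -d); manifest=$(mktemp)
mkdir -p "$site/wp-content/uploads"
echo '<?php /* front controller */' > "$site/index.php"
echo '<?php /* login */' > "$site/wp-login.php"
wp_baseline "$site" "$manifest"
echo '<?php /* unexpected file */' > "$site/wp-content/uploads/.cache.php"
echo '/* appended */' >> "$site/index.php"
wp_changes "$site" "$manifest"   # lists the added file and the modified one
rm -rf "$site" "$manifest"
```

Take a new baseline after every legitimate upgrade, otherwise each upgraded core file is reported as modified.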
WordPress blog software has its origin in Michel Valdrighi’s b2 software. In 2003 b2 became the genesis of WordPress (www.wordpress.org), a fork project using the source code of b2, which had simply fallen behind web standards and on which no further development was planned. Matt Mullenweg and Mike Little, two bloggers, began developing WordPress and were soon joined by Valdrighi. It took a year, but WordPress’ versatility and open source nature, combined with a decision by the developers of Movable Type to radically raise prices for their software, led WordPress to be one of the frontrunners in blogging software.
WordPress’ value lies in its easy customization. It seems like there is a plugin for everything: Akismet (akismet.com) catches spam, podPress (podpress.org) turns a WordPress installation into a podcasting platform, etc. And it only takes a little knowledge of PHP to write your own plugin. WordPress is routinely used as a content management system for websites not meant to act as blogs: it can be used to create a directory just as easily as it can be used to post updates to a blog.
There are some video-tutorials for WordPress 2.3 and 2.5 at the end of the full article. Check them out!
Just What WordPress Needs
To run WordPress, all you need is a server that supports PHP and MySQL. While the WordPress developers recommend Apache or Litespeed web servers for users who plan to subject their WordPress installation to more than typical abuse, it’s not necessary. If you’re planning to install WordPress, you don’t even need the most recent versions of either PHP or MySQL: PHP 4.2 or greater and MySQL 4.0 or greater will work just fine.
Getting WordPress Running
For those individuals without much technical savvy, WordPress can be an ideal CMS for a single simple reason: one-click install. Many web hosts have begun offering accounts with what is essentially an automatic installation process: users simply select WordPress as their CMS of choice and the host takes care of setting it up.
If you’re interested in handling the installation procedure yourself, it’s still not overly complicated, as long as you know a few basics about setting up a website. To start, download the installation package from WordPress (wordpress.org/download/) and unzip it. From there, you’ll need to create a database for WordPress on your web server, along with a MySQL user with all privileges (for both accessing and modifying the database). Rename the file “wp-config-sample.php” to “wp-config.php” and open it in the text editor of your choice. Fill in your database details.
At this point, you’ll need to decide if you’d rather have WordPress on the root of your domain or on a subdirectory. To integrate WordPress into the root, move all the files contained in your unzipped installation package (excluding the directory itself) into the root directory of your web server. If you’d rather have your WordPress installation on a subdirectory, move the entire directory into the root directory of your web server (including the directory itself). You can rename the directory if you wish.
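The database and wp-config.php steps above can be scripted so that the MySQL account is limited to the blog's own database and the file holding its password is not readable by other accounts on the server. This is an added example, not part of the original article; the function names, `wp_blog`, `wp_user`, the `localhost` host and the password are assumptions, and the SQL uses current MySQL/MariaDB syntax.

```shell
#!/bin/sh
# Added example; database, user and directory names are assumptions.

# Refuse values that would end or alter a quoted SQL or PHP string.
wp_safe_value() {
    case $1 in ''|*\'*|*\\*) return 1 ;; esac
}

# Print SQL for a dedicated database and an account limited to that database.
wp_db_sql() {  # wp_db_sql <db_name> <db_user> <db_password>
    for id in "$1" "$2"; do
        case $id in ''|*[!A-Za-z0-9_]*) echo "bad identifier" >&2; return 1 ;; esac
    done
    wp_safe_value "$3" || { echo "unsafe password" >&2; return 1; }
    printf 'CREATE DATABASE `%s`;\n' "$1"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$2" "$3"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$1" "$2"
}

# Turn wp-config-sample.php into wp-config.php with the database details set.
wp_write_config() {  # wp_write_config <wordpress_dir> <db_name> <db_user> <db_password>
    sample="$1/wp-config-sample.php"; target="$1/wp-config.php"
    [ -f "$sample" ] || { echo "missing $sample" >&2; return 1; }
    for v in "$2" "$3" "$4"; do
        wp_safe_value "$v" || { echo "unsafe value" >&2; return 1; }
    done
    (
        umask 077   # the file is created 0600 before any credential is written
        # Values travel through the environment, so sed/awk escaping never applies.
        DB_NAME=$2 DB_USER=$3 DB_PASSWORD=$4 awk '
            BEGIN { split("DB_NAME DB_USER DB_PASSWORD", keys, " ") }
            /^[ \t]*define/ {
                for (i = 1; i <= 3; i++)
                    if (index($0, "\047" keys[i] "\047")) {
                        printf "define(\047%s\047, \047%s\047);\n", keys[i], ENVIRON[keys[i]]
                        next
                    }
            }
            { print }' "$sample" > "$target"
    ) && chmod 600 "$target" && rm -f "$sample"   # 0600 assumes PHP runs as the file owner
}

# Constructed demo: a stand-in sample file in a temporary directory.
demo=$(mktemp -d)
printf "<?php\ndefine('DB_NAME', 'placeholder');\ndefine('DB_USER', 'placeholder');\ndefine('DB_PASSWORD', 'placeholder');\ndefine('DB_HOST', 'localhost');\n" > "$demo/wp-config-sample.php"
wp_db_sql wp_blog wp_user 'Constructed-Passw0rd'
wp_write_config "$demo" wp_blog wp_user 'Constructed-Passw0rd' && cat "$demo/wp-config.php"
rm -rf "$demo"
```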