Comments on: WordPress Security Talk http://www.moiagroup.com/archives/wordpress-security/310 MoiaGroup, Simply Great Web Design and Custom Programming in Tucson, Arizona. We do custom flash, wordpress, drupal, php & java programming. Tue, 23 Feb 2010 18:08:37 +0000 hourly 1 http://wordpress.org/?v=abc By: brian http://www.moiagroup.com/archives/wordpress-security/310/comment-page-1#comment-90 brian Sat, 29 Aug 2009 02:50:08 +0000 http://www.moiagroup.com/?p=310#comment-90 Thanks - I just got nailed by Cialis and my search ranking was destroyed - I don't know what that crap does, but I'll never buy it. I wish I could sue cialis, but instead I'll install more layers of security. I also uninstalled an automatic translator where the files were being created. Thanks – I just got nailed by Cialis and my search ranking was destroyed – I don’t know what that crap does, but I’ll never buy it. I wish I could sue cialis, but instead I’ll install more layers of security. I also uninstalled an automatic translator where the files were being created.

]]> By: Phil Barnhart http://www.moiagroup.com/archives/wordpress-security/310/comment-page-1#comment-42 Phil Barnhart Tue, 16 Jun 2009 01:36:39 +0000 http://www.moiagroup.com/?p=310#comment-42 A additional security issue may be all of the “readme” and “info” and other files left behind - not just for WordPress and all the plugins and templates, but other apps as well. I recently found in my server logs two strange bots from Chinese IPs that were active looking for readme txt files. If a particular plugin or app version has a vulnerability, it certainly may be more effective to scan the txt files that could indicate versions. Just to be on the safe side I remove all of the txt files, mods descriptions, etc from any web-accessible directory for my wordpress installs. A additional security issue may be all of the “readme” and “info” and other files left behind – not just for WordPress and all the plugins and templates, but other apps as well. I recently found in my server logs two strange bots from Chinese IPs that were active looking for readme txt files. If a particular plugin or app version has a vulnerability, it certainly may be more effective to scan the txt files that could indicate versions.

Just to be on the safe side I remove all of the txt files, mods descriptions, etc from any web-accessible directory for my wordpress installs.

]]>