api.wordpress.org: a potential single source of failure

Wordfence has posted an important article revealing how WordPress’ automatic update system is vulnerable to compromise. It’s thick reading, but well worth understanding.

Automatic updates are “on” by default in all installations of WordPress.

Hacking 27% of the Web via WordPress Auto-Update

Moving to Endpoint Security for WordPress

Wordfence has been providing endpoint security for WordPress powered web sites since 2012. Here is a recent blog post on https://www.wordfence.com providing information about what endpoint security is.

You’ve probably seen the term ‘endpoint’ talked about in the press recently in the context of information security. Let’s discuss what a network endpoint is, why securing endpoints can dramatically strengthen your overall security posture and why big vendors like Intel Security (formerly McAfee) and a number of startups are launching products that focus on endpoint security…

Full article at https://www.wordfence.com/blog/2015/11/moving-to-endpoint-security-for-wordpress/

Should You Disable XML-RPC on WordPress?

Wordfence has posted a well-written blog post that describes the XML-RPC API and how disabling it will affect your WordPress-hosted web site.

Recent improvements to WordPress and Wordfence’s blocking tools have lessened the need to disable the API.

Here is the blog post: https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/

Wordfence is one of the most effective plugins to manage security for WordPress powered web sites. Learn more about it here: https://www.wordfence.com/

New Year’s WordPress Housekeeping Tips

WordPress Attachment Details

I wish I had seen this in December as I like to do year-end cleanup and new year planning during the holidays. Since it was only published yesterday, I’ll share it with you anyway because it has such wonderful information.

These things should be done on a regular basis, not just at the start of each year. It will serve as a good reminder checklist. Here are the thirteen items it lists:

  • Better Image Data
  • Optimize Your Installation
  • Optimize Your Images
  • Find and Learn Great Tools
  • Automate Your Workflow
  • Optimize Your Interface
  • Taxonomies Are Your Friend
  • Remove Unnecessary Plugins
  • Use Rich Content
  • Perform a Security Overhaul
  • Start a Blog
  • Contribute Back
  • Start Learning to Code

I see a number of things that I’ve been meaning to do and think that perhaps 2015 will be a good time to start. Things like the last three items on the list.

Here is the link to the full article:

Start the Year off Right with These WordPress Housekeeping Tips (Daniel Pataki, wpmudev.org)