Comments on: Build A Better Blog Host Week 5 – Security http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/ WordPress multisite how to - making sense of the network feature from what was wordpress mu Thu, 26 Jan 2012 22:51:00 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Erin http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-3084 Erin Wed, 25 Nov 2009 14:15:41 +0000 http://wpmututorials.com/?p=249#comment-3084 Hi Andrea, I have a theme I would like to use (news-magazine-theme-640) and it uses $wpdb, presumably to store the many options and objects it creates (thumbnails, etc.). Can you elaborate on why it's not secure for themes to use $wpdb, so I can make a decision on whether or not to use this theme in my WPMU site. Thanks for the great resource. I come back to this post frequently. Hi Andrea,

I have a theme I would like to use (news-magazine-theme-640) and it uses $wpdb, presumably to store the many options and objects it creates (thumbnails, etc.). Can you elaborate on why it’s not secure for themes to use $wpdb, so I can make a decision on whether or not to use this theme in my WPMU site.

Thanks for the great resource. I come back to this post frequently.

]]> By: Some guy http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-1035 Some guy Fri, 31 Jul 2009 20:41:09 +0000 http://wpmututorials.com/?p=249#comment-1035 thanks for good post which is full of knowledge and practical ideas. thanks for post. thanks for good post which is full of knowledge and practical ideas.
thanks for post.

]]> By: andrea http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-1012 andrea Tue, 28 Jul 2009 15:05:29 +0000 http://wpmututorials.com/?p=249#comment-1012 It was an unsecure server as I was on shared hosting at the time. Permissions were correct on the file, so the only way they could have got in, was via the server. It was an unsecure server as I was on shared hosting at the time. Permissions were correct on the file, so the only way they could have got in, was via the server.

]]> By: Sam Diamond http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-1011 Sam Diamond Tue, 28 Jul 2009 14:42:38 +0000 http://wpmututorials.com/?p=249#comment-1011 The hacker was thankfully a nice person, and just left an index.html file on the server to let me know I’d been breached. How’d he do it? He managed to download or read my wp-config file (even though it had the right permissions) and get the database user password… which was the same as the cpanel password." How were they able to exploit this? I am more afraid of this scenario than a password brute force scenario. The hacker was thankfully a nice person, and just left an index.html file on the server to let me know I’d been breached. How’d he do it? He managed to download or read my wp-config file (even though it had the right permissions) and get the database user password… which was the same as the cpanel password.”

How were they able to exploit this? I am more afraid of this scenario than a password brute force scenario.

]]> By: itslalala http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-991 itslalala Mon, 20 Jul 2009 20:43:00 +0000 http://wpmututorials.com/?p=249#comment-991 I just wanted to thank you for this series and this site! I'm learning so much and I am so excited about my next projects! I just wanted to thank you for this series and this site! I’m learning so much and I am so excited about my next projects!

]]> By: andrea http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-979 andrea Fri, 17 Jul 2009 23:40:19 +0000 http://wpmututorials.com/?p=249#comment-979 Yeah, that sounds cool. :) Ron does hexidecimal conversions in his head, the crazy guy. Yeah, that sounds cool. :)

Ron does hexidecimal conversions in his head, the crazy guy.

]]> By: curtismchale http://wpmututorials.com/how-to/build-a-better-blog-host-week-5-security/#comment-978 curtismchale Fri, 17 Jul 2009 22:00:34 +0000 http://wpmututorials.com/?p=249#comment-978 For passwords I use Keepass and KeepassX depending on the OS I am on. It's like 1Password for the Mac. You generate one password that you can remember and then use the software to build your other passwords. Since it's cross platform I use Dropbox to sync the Database between computers. If you want to make sure you have a backup copy (dropbox keeps versions anyway) you can export the XML file and lock it up in a truecrypt vault on a machine. I will never manually generate passwords and remember them again. I even use it to track my software license information. .-= curtismchale´s last blog ..<a href="http://feedproxy.google.com/~r/Sfnaim/~3/NWBbkFRBkj8/" rel="nofollow">You Might Need a Redsign If</a> =-. For passwords I use Keepass and KeepassX depending on the OS I am on. It’s like 1Password for the Mac. You generate one password that you can remember and then use the software to build your other passwords. Since it’s cross platform I use Dropbox to sync the Database between computers.

If you want to make sure you have a backup copy (dropbox keeps versions anyway) you can export the XML file and lock it up in a truecrypt vault on a machine.

I will never manually generate passwords and remember them again. I even use it to track my software license information.
.-= curtismchale´s last blog ..You Might Need a Redsign If =-.

]]>