Tag: security
-
Wordfence announces critical vulnerability in Litespeed Cache
Recently, the Wordfence Threat Intelligence team announce a critical vulnerability in the Litespeed Cache plugin. This is a privilege escalation vulnerability, which means that an attacker who gains access as a low level user can exploit the vulnerability to gain admin rights on an affected site. I am pointing this out because I know a…
-
Login form honey pot
We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots. Whether the login attempt…
-
Fighting registration spam with a honey pot
I’ve had a few requests for help with combating registration spam using the plugin. To be honest, I’m right there with you all – I was getting a great deal of registration spam here on the site. I’ve been working on how to reduce that with a number of approaches. One approach is the Security…
-
Validate a registration with a PIN
Here is a script idea you can use to validate a stored value that you might have for users (such as a PIN) against their registration data. This example will assume that you only want to allow certain registrations for people who you already have data on (in this example, their name) and you want…
-
WP-Members 2.8.1 Release
The WP-Members 2.8.1 release is an important security update for the plugin. It is highly recommended that you upgrade as previous versions of the plugin have a possible exploit that may be vulnerable. As soon as I became aware of this, I put all other items on the project list on hold. While 2.8.1 is…