The State of WordPress Security

Stolen entirely from is this about how WordPress kicks ass..;) and makes the point that most exploited WP sites are done so through weaknesses in the hosting companies and dodgy plugins..

The article “How did WordPress win?” has certainly been making its rounds the last two days, but all eyes seem to be (for the most part) on this comment by core developer Mark Jaquith, who sums up the state of WordPress security quite well. It sure is hard to avoid quoting the entire thing here, but here are a few key points:

I haven’t seen an up-to-date WordPress install get directly exploited in around five years. Seriously. Every time I investigate a compromised WordPress install, it is either because they were running an old version (usually not just a little bit old, but really old), or because their web host was compromised.


When you’re paying $5 a month for hosting, three things will usually suffer: Stability, Security, and Support.


Two big priorities right now are: (a) making it super easy to stay up-to-date and (b) pushing web hosts to get their act together.

To summarize the major points in the comment: your WordPress installation is safe as long as it’s up to date (and your password is good); the developers are working on ways to make staying up to date easier; and you should make sure that your hosting provider isn’t taking shortcuts with its security.

As a gentle reminder after reading this article, WordPress 3.0.5 and 3.1-RC4 were released a few days ago, so don’t forget to update your installation!

One reason BuddyPress avatar upload failed.

Ok, so on a fresh mind I went looking for the mysterious hiding place of the uploaded profile avatar. I was able to view image info and saw that it was in a folder that at first glance did not exist in my WP hierarchy. I guess I missed a /wp/ in there but finally noticed and was able to, under ‘Miscellaneous Settings’ or ‘Settings/Miscellaneous’ from the WP-admin panel. I noticed that ‘Store uploads in this folder’ was set to etc/etc/etc/ – Removed the extra /wp/, found the files and copied them to the proper location and voila, avatars are working…;) now upgrading to WordPress 3.0…

NextGEN Gallery

I must give thanks to Alex Rabe for all the work he has put into his Gallery Plugin. I use it on most of my blogs and find it very easy to get up and running quickly. There are some limitations that I think are beginning to be addressed like the SEO aspect and adding some functionality for more than just a gallery, but an online inventory like CMS or a Zen/Uber/WP cart site without all the horrendous messing around with the first 2 anyways..

I will carry this post on over the day as I check out the new features of NextGEN Gallery..
