In the video above I demonstrate how to close a WordPress blog to the public and make it available only to members who have a username and password created for them by the blog administrator. The site I demonstrate has 49,500 members that I created and bulk uploaded in about an hour. I show the plugin I used for the bulk upload of users. I’ll create a follow-up video in a week or so demonstrating how I used Excel to create those users from a file with nothing but first and last names. If you have need for a private blog/website to share with a few people or tens of thousands of people, this should help get you started.
Research? Strikes me as simply a load of unsupported, extremely vague ramblings. Why would I say that? Maybe it’s due to their liberal use of “Imagine this” support in their “study”:
Imagine this situation:
“An attacker is able to gain access to files outside Blackboard’s document directory.
The attacker includes Blackboard’s access logs. These logs can be influenced by
the attacker, so exploitation would lead to a new highly dangerous vulnerability
that allows the attacker to execute custom commands on the Blackboard server.”
Update: See comment by Network Solutions in comments area.
It seems Network Solutions and WordPress may not be playing well together and, as usual with tech geeks, they’re both pointing the finger at each other. I don’t have the time or interest to follow all the links on the net to figure this one out, but if you are hosting WP (or any other php app for that matter) on a network solutions, then you may want to do a little research on this one…here are a few links to get you started.
There is a new WordPress security vulnerability that makes it very easy for anyone to launch a dos attack on your WordPress site. See the details here: http://seclists.org/fulldisclosure/2009/Oct/263
An upgraded version of WordPress was released today to address this problem; version 2.8.5.
This security vulnerability impacts ALL WordPress versions prior to today’s release, so if you are running WordPress an upgrade is a must.
See the following posts on this site for upgrade information:
Upgrade using auto-upgrade: http://educhalk.org/blog/how-to-upgrade-wordpress-27/
Upgrade using Cpanel: http://educhalk.org/blog/how-to-upgrade-wordpress-to-27-using-cpanel/
Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
WordPress Security Keys
In WordPress 2.8 there are four (4) security keys , AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY that you can optionally add to your wp-config.php file to ensure better encryption of information stored in the user’s cookies. You can use the online generator to automatically generate random keys for your WordPress install…see the default wp-config-sample.php file for the url to the online generator.