Cory's Cogitations

My thoughts on web development and design, programming, graphic design and the world.

Archive for the ‘security’ category

Securing WordPress: A passive method for preventing unauthorized requests to wp-admin and wp-login.php

January 7th, 2010

I’m not sure why WordPress doesn’t allow you to change the URL for the admin and login pages, but they don’t. It seems to me that putting define ( ‘ADMIN_PATH’, ‘/wp-admin/’ ); in wp-config would be an easy and a good fix–but for whatever reason, they don’t and we are stuck with a security hole.

I will first review the methods that currently exist as workarounds to this problem that we shouldn’t have in the first place, and then will go on to detail my method which I hope is a little easier to setup and maintain.
» Read more: Securing WordPress: A passive method for preventing unauthorized requests to wp-admin and wp-login.php

11 comments »

Posted in Web Development, security

Tags: admin htaccess password protect directory prevent access securing wordpress unauthorized wordpress wordpress security wp-admin wp-login

Greasemonkey/Firefox script to enable autocomplete

August 12th, 2009

Browsers can save logins and passwords. Unless the autocomplete attribute is set to off, that is.

If you ever go to a website and wonder why it’s not asking you to save your password, it is probably because autocomplete has been turned off by the web designer.

Thanks Mr. Web designer, but I think I’ll be the judge of that.

First, let me say autocomplete=off is a good feature that keeps people who don’t know any better from doing something dumb. Looking at you, grandma.

But, if you are pretty confident in your internet self, and you use Firefox, you can use the following Greasemonkey script for Firefox to abolish autocomplete entirely from all websites you are viewing.

5 comments »

Posted in Scripts, security

Tags: autocomplete autocomplete=off form elements greasemonkey script passwords security

Securing WordPress: Plugging the WordPress version leaks

July 12th, 2009

WordPress is probably the most commonly used blogging platform around. Mostly because it’s free. Being #1 brings a lot of headaches as it makes the software a target for hackers and spammers.

As with securing your home, the best you can do is make your WordPress install a little more secure in the hope that that hacker or spammer will move down the line to the next install on their list. Nothing you can ever do will make you invincible.

WordPress loves advertising the version number of the install for statistical reasons. The problem with this is that when a bad guy knows the version of your WordPress install, they will know which vulnerabilities to use to break into it. By not letting them know this version number, it makes it just a little more difficult to break into your blog.