Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security. WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you […]
New Zero-Day Vulnerability Discovered in TimThumb Script
WordPress Security Alert: New Zero-Day Vulnerability Discovered in TimThumb Script Sarah Gooding June 25, 2014 20 photo credit: kama17 – cc Security vulnerabilities have plagued the TimThumb script for years. It is most commonly used in cropping, zooming and resizing images in WordPress themes. After the large scale attacks launched against the script a few […]
Web Security Issues
A serious vulnerability in the WP eCommerce Plugin was announced within the last 24 hours (321st Oct 2014) . A fix has been released and some hosting companies are already auto-upgrading customers to the newest version. Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost […]
How to upgrade to SSL certificates from SHA1 to SHA2
With Chrome version 39 which is in the process of being released (see footnote), Google has started issuing warnings if a website is using a certificate that has a signature algorithm that uses the older and less secure SHA1. To find out which signature algorithm your secure website is using, in Chrome click on the green […]