Nasty session stealing hole filled in WordPress All in One SEO plugin The developers have patched a hole in the popular All in One search engine optimisation WordPress plugin, a tool that's been downloaded by some 30 million users and is used on a million sites. Flaws exist in the Bot Blocker component which can be exploited to steal administrator tokens and conduct actions through cross-site …
Good old wordpress, allowing those people claiming to be web developers, but with no proper web authoring or security skills (normally from the print design industry) to make lovely pwn-able sites for other people that can just about open a web browser, what could possibly go wrong. Virus and Malware email malvertisers love them, inspecting the sites used for these and phishing attacks its nearly always hosted on the back of exploited wordpress sites. And before i start a flame war, yes people who know what they are doing do also from time to time use wordpress properly and create updated and secure sites. But more often than not its used by some idiot who has no need to use wordpress at all other than they cant write a fully working page of html if their life depended on it.
Good old wordpress, allowing those people claiming to be web developers, but with no proper web authoring or security skills (normally from the print design industry) to make lovely pwn-able sites for other people that can just about open a web browser, what could possibly go wrong.
Call me old fashioned, but I just can't trust code that I did not write myself.
I like Wordpress. If it's set up properly and kept updated then it's very good for lower-tech users who can change and edit bits without having to call in expensive experts every time. It's a primo target for hackers, of course; but Wordpress are pretty fast with patches.
I prefer manual patching; but you can set it to keep itself updated if you know it's going to be an unattended install. The real problem is clueless owners employing only-slightly-less clueless 'designers' who knock up a site and move on without telling the site to keep itself updated. Then it's just a matter of time.
"Call me old fashioned, but I just can't trust code that I did not write myself."
Cool! So you wrote your own browser, running under you own OS, compiled by your own compiler, and connecting to the internet through a router / modem running firmware which you wrote? Fantastic job!
> "Call me old fashioned, but I just can't trust code that I did not write myself."
Cool! So you wrote your own browser, running under you own OS,...
I never wrote that I would not use it, I wrote that I would not trust it.
For a website, I'd much rather write my own server-side code and HTML as that gives me the most flexibility, and enables the best efficiency. I know where everything is, and I can block potential attacks.
No, I did not write my own server OS. But I do trust the people that manage my server and that makes it O.K.
This post has been deleted by its author
Good old wordpress, allowing those people claiming to be web developers, but with no proper web authoring or security skills (normally from the print design industry) to make lovely pwn-able sites for..
Seems plenty are moving to that abomination Wix instead.
Now every site has horrible pictures whizzing across too fast and they all look the same
Depressing what's happened really
Being a Unix-minded user I've always been a bit weary with programs that claim to be "all in one". I more than often don't need all in one: I need a program (or plugin) which does its job without trying to pretend its more than it actually is.
A good example from my past is Avast. I used to really like that virus scanner until they became an "Internet suite". Suddenly the virus scanner had to include firewall and website blacklist features; stuff which I didn't need. Worse yet: in the beginning the product was horrid. Whenever I used Torrent the firewall just couldn't keep up with the amount of parallel connections and would crash my PC more than often, making me really wonder what had happened.
You want a SEO feature? Then you really don't need some weird "All in one" thingie, Yoast's SEO plugin is all you need. And better yet: no backdoors either :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
