-
hakre on wordpress » WordPress Licensing- GPL: This Deserves a Special Mention, II 17 Feb 2011
- b2/cafelog is GPL 3 Feb 2011
- WordPress Changes GPL License Text Again 15 Jan 2011
- Akismet Introduces GPL Version to WordPress (Updated 3x) 1 Jan 2011
- Kses, GPL, Copyright, Licensing and Disclaimer 30 Dec 2010
- WordPress, Copyright, Hello Dolly Lyrics, the GNU GPL and I 22 Dec 2010
- WordPress Licensing Issues – Plugins are GPL, Right? 15 Dec 2010
- WordPress Licensing Issues – On Showing License 6 Oct 2010
- Relicensing of IXR – The Incutio XML-RPC Library (Day 15) 8 Sep 2010
- WordPress Licensing Issues – NOOP (Day 8) 2 Sep 2010
- WordPress Licensing Issues – Summary (Week 1) 1 Sep 2010
- WordPress Licensing Issues – Submitting Code (Day 6) (Update 1x) 30 Aug 2010
- WordPress Licensing Issues – Progress (Day 5) 30 Aug 2010
- WordPress Licensing Issues – Why I care (Day 4) 28 Aug 2010
- WordPress Licensing Issues – the third day 28 Aug 2010
-
- Wordpress Questions (and Answers)
- How do I include custom fields in search? 22 May 2012
- How to correctly limit the content and strip HTML? 19 May 2012
- Can I have mutiple custom html editors for each page? 22 May 2012
- Space in between query values 22 May 2012
- WP text styles not coming through to actual post 22 May 2012
Tag Archives: PHP Security
Congrats Solar Designer!
And the winner is: Solar Designer in the Month of PHP Security 2010 with his article “How to manage a PHP application’s users and passwords” (Full Listing). Solar Designer’s phpass password hashing algorithm is used in wordpress. It has been … Continue reading
Posted in Hacking The Core, Pressed, Reports
Tagged #2394, Month of PHP Security, MOPS, MOPS-2010, PHP Security, phpass, Solar Designer
Leave a comment
Cheap Hack/Worm Protection for your WordPress Blog
This on its own might be only security done half, but I thought the idea is not that bad to spread the word. It can be normally setup in seconds on the various linux based hostings out there: disable eval. … Continue reading
Posted in Hacking The Core, Hakre's Tips, Tools, WordPress Support
Tagged #9602, Eval, Exploit, hack, PHP Security, Security, Sektion Eins, Stefan Esser, Suhosin, Wordpress, Wordpress Security, WP-2.8.5, WP-2.9
3 Comments
WordPress Single-Sign-On Preview
I’m currently working on a more detailed article related to wordpress and single-sign-on. It is a nice topic and because of that I started to create some concept art now that should picture the whole thing. That is a sample … Continue reading
Posted in Pressed
Tagged Apache, Extranet, HTTP, Intranet, MySQL, PHP Security, phpass, Single-Sign-On, Wordpress, Wordpress Security
10 Comments
Prevent Code Injection in PHP include files
While discussing Coding Standards it was not long ago I argued against adding ?> at the end of php files. But miqrogroove pointed to me an interesting aspect why it actually can make sense to have it and an additional … Continue reading
Posted in Code Smells, Hakre's Tips, PHP Code Smells, Pressed
Tagged Code Injection, Include, PHP, PHP Security, Return, Security
Leave a comment
Free PHP Security Poster
Ther germany located security company SektionEins, which is specialized on Webapplication and PHP security, has a freebie to offer: You can download or order a PHP Security poster. They even send it in format A0 for free to you within … Continue reading
Posted in Hakre's Tips, Pressed
Tagged PHP, PHP Security, Poster, Security, SektionEins, Stefan Esser, Suhosin
Leave a comment
PHP Open Basedir degrades Security (Bonus)
Some hosters are using the open_basedir restrictions because they think this makes hosting somewhat more secure. Well normally it is not because a hoster in need to enable it often shows that the system is not properly configured in respect … Continue reading
Posted in Pressed
Tagged #12148, open_basedir, PHP Security, phpass, Quality Control, Random, Security, Solar Designer
1 Comment
The short memory of WordPress.org security
For the wordpress project it’s said: If you find a bug, report it. That’s the same if it is security related. For those who feel – for whatever reason – uncomfortable to publicize it in trac directly, can shoot an … Continue reading
Posted in Hacking The Core, Patched, Pressed
Tagged #11236, #11401, caesarsgrunt, PHP Security, Ryan Boren, Security, Thomas Mackenzie, Wordpress, WP, WP-2.9.2
10 Comments
mysql_real_escape_string and SET NAMES
In #11819 I was so hardly looking for a clear documentation for mysql_real_escape_string() combined with the usage of SET NAMES. I finally found it where I should have looked first: within the MySQL manual. PHP is using the MySQL client library … Continue reading
Posted in Hacking The Core
Tagged Database, MySQL, PHP, PHP Security, Security, Wordpress, WP
Leave a comment
