security


Here’s why I don’t normally apply updates on the first day: Backdoors in three popular WordPress Plugins

June 22, 2011

I had always been a bit reluctant to enable the XML-RPC publishing feature on my blogs because it adds an extra attack vector to a site. It is, however, required when you want to manage a WordPress blog using WordPress for BlackBerry. If your BlackBerry is connected to a corporate network through BlackBerry Enterprise Server, and your organization’s admins are OK with you using your mobile device and the corporate server to manage your blog (or if it’s a company website anyway), you can add the following lines to your .htaccess file to block any XML-RPC access to your blog that does not come from your corporate server:

<Files xmlrpc.php>
Order allow,deny
allow from 198.51.100.27
</Files>

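You will have to replace 198.51.100.27 with the IP address of your BlackBerry Enterprise Server. With "Order allow,deny", any client that does not match an allow line is denied, so no separate deny line is needed. These are Apache 2.2 access-control directives; on Apache 2.4 they are handled by mod_access_compat.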

Now you will also need to set up the WordPress app on your mobile device to use the BlackBerry Enterprise Server to connect to your blogs. In the app, hit the BlackBerry key and click on “Setup”.

In the setup screen, disable all other Connection Options and enable only “BlackBerry Enterprise Server” (this appears to be off by default).

Now Apache will allow only your BlackBerry (well, and any other BlackBerry in the same organization) to connect to your blog.
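One way to confirm from the server side that the restriction above is actually enforced, as an added example that is not part of the original post: it reads Apache access-log lines and reports any xmlrpc.php request from a non-allowed address that was not answered with 403, which is what shows up when the .htaccess file is being ignored. The combined log format, the function name audit_xmlrpc and the sample log lines are assumptions made for this example.

```python
import ipaddress
import re

# Assumption: Apache common/combined access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
198.51.100.27 - - [22/Jun/2011:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512
203.0.113.5 - - [22/Jun/2011:10:00:07 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210
203.0.113.5 - - [22/Jun/2011:10:00:09 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210
192.0.2.44 - - [22/Jun/2011:10:01:30 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 200 4312
192.0.2.44 - - [22/Jun/2011:10:01:31 +0000] "GET /index.php HTTP/1.1" 200 9000
""".splitlines()


def audit_xmlrpc(lines, allowed=("198.51.100.27",)):
    """Return (blocked, leaked) for xmlrpc.php requests from non-allowed clients.

    blocked: {client_ip: number of requests answered with 403}
    leaked:  [(client_ip, path, status)] for requests NOT answered with 403,
             i.e. the allow-list did not apply to them.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    blocked, leaked = {}, []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith("/xmlrpc.php"):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # a hostname was logged instead of an address
        if any(ip in net for net in nets):
            continue  # the allowed server: expected traffic
        if m["status"] == "403":
            blocked[str(ip)] = blocked.get(str(ip), 0) + 1
        else:
            leaked.append((str(ip), path, m["status"]))
    return blocked, leaked


if __name__ == "__main__":
    print(audit_xmlrpc(SAMPLE_LOG))
```

An empty leaked list means every outside request to xmlrpc.php was refused; any entry in it means the rule is not taking effect for that path.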