[Chugalug] d at mn scammers/hackers

Stephen Haywood stephen at averagesecurityguy.info
Thu Oct 18 16:00:57 UTC 2012


For anyone interested, wpscan by ethicalhack3r checks for a number of WP
vulnerabilities. It is a Ruby script and is included in BackTrack5.

www.wpscan.org

Stephen Haywood
Information Security Consultant
W: www.averagesecurityguy.info
T: @averagesecguy

On Oct 18, 2012, at 11:45 AM, Jason Brown <lists at masterforge.com> wrote:

I run somewhere around 10 WP installations, hard to remember the count.
People try to get in all the time. Follow basic best practices with file
permissions and passwords just like any other LAMP install and I have never
had a breach.

The basics here are good: http://codex.wordpress.org/Hardening_WordPress
I think there are even scripts that do most of it for you.

Joomla was much worse in my opinion.

Then again, I have never seen anything secure "out of the box", Linux,
Windows, Apache, etc.

--Jason


On 10/18/2012 11:11 AM, Stephen Haywood wrote:

WordPress is pretty bad too. The big thing to watch out for is the plugins
for WordPress. I have my blog hosted at wordpress.com but I would never be
comfortable running my own WordPress install.

On Thu, Oct 18, 2012 at 10:44 AM, John Aldrich <jmaldrich at yahoo.com> wrote:

> Any known issues with WordPress? One of the groups I'm a member of uses
> WordPress for the CMS. Just thought I'd check.
>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>



-- 
Stephen Haywood
Information Security Consultant
CISSP, GPEN, OSCP
T: @averagesecguy
W: averagesecurityguy.info


