Stefan Esser on WordPress Security
blogsecurity talked with Stefan Esser about WordPress security.
I think the WordPress software is the best blogging software around from an end user’s perspective. Its GUI is full of eye-candy and features that are not present in other blog software. But wearing my security hat, I see past this eye-candy onto the code and see several bad design decisions. This starts with how they interface with the database. Additionally, I consider some of their features quite dangerous. I personally dislike it when software encourages its users to have writeable files within the document root. WordPress’s feature to edit files/templates on the server does exactly this. The problem with this is that when I take over the admin account of a WordPress blog, usually nothing stops me from executing any PHP code on the system. And from that it is often only a small step to control the whole server.
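The two things Esser objects to above, writable files inside the document root and the built-in theme/plugin file editor, can be checked for on a live install. The audit script below is an added example by the editor, not code from the interview or from WordPress. It assumes the standard WordPress layout (wp-config.php and wp-content/ directly under the document root) and uses WordPress's own DISALLOW_FILE_EDIT constant, which removes the in-browser file editor when set to true in wp-config.php; the interview itself does not mention that constant. The demo document root it builds is constructed and throwaway, not a real installation.

```sh
#!/bin/sh
# Added example (editor's, not from the interview or from WordPress).
# Audits a WordPress document root for the two problems Esser describes:
# files the web server can rewrite inside the document root, and the
# built-in theme/plugin file editor being available to administrators.

# Print regular files under $1 that are group- or world-writable.
# Assumption: files belong to a deploy user and the PHP worker runs as a
# different user, so loose group/other write bits are what let it rewrite
# code. (A worker running as the owning user can write regardless.)
find_loose_files() {
  find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Exit 0 only when wp-config.php under $1 defines DISALLOW_FILE_EDIT as true,
# which is WordPress's switch for removing the theme/plugin editor.
file_editor_disabled() {
  grep -Eq "define\( *'DISALLOW_FILE_EDIT' *, *true *\)" "$1/wp-config.php" 2>/dev/null
}

# Run both checks, print findings, and return 0 only if both pass.
audit_docroot() {
  rc=0
  loose=$(find_loose_files "$1")
  if [ -n "$loose" ]; then
    echo "group/world-writable files in document root:"
    echo "$loose"
    rc=1
  fi
  if ! file_editor_disabled "$1"; then
    echo "file editor enabled: add define('DISALLOW_FILE_EDIT', true); to $1/wp-config.php"
    rc=1
  fi
  return $rc
}

# Build a constructed, throwaway document root (not a real install):
# one world-writable theme file and a wp-config.php without the constant.
make_demo_docroot() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/themes/default"
  printf '<?php\n' > "$root/wp-content/themes/default/functions.php"
  chmod 0666 "$root/wp-content/themes/default/functions.php"   # loose: any user can edit PHP
  printf '<?php\n' > "$root/index.php"
  chmod 0644 "$root/index.php"                                 # fine: owner-only write
  printf "<?php\ndefine('DB_NAME', 'wp');\n" > "$root/wp-config.php"
  chmod 0640 "$root/wp-config.php"
  echo "$root"
}

# Stand-alone run ("sh audit.sh demo"): audit the demo root, harden it, audit again.
if [ "${1:-}" = "demo" ]; then
  root=$(make_demo_docroot)
  audit_docroot "$root" || echo "--- before hardening: FAIL"
  chmod 0644 "$root/wp-content/themes/default/functions.php"
  printf "define('DISALLOW_FILE_EDIT', true);\n" >> "$root/wp-config.php"
  audit_docroot "$root" && echo "--- after hardening: OK"
  rm -rf "$root"
fi
```

On a real site the upload directory is the one place the web server legitimately needs write access, so expect findings there; the point is that nothing else under the document root should be writable by the PHP worker, and that with the editor disabled a stolen admin account no longer comes with a built-in way to write PHP to disk.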

