Defensio, the blog
9Sep/09

Wordpress users, are you safe?

If you are running an older version of Wordpress, meaning less than 2.8.4, you ABSOLUTELY want to read this.

A worm that can post malware and spam to vulnerable Wordpress installations has recently been discovered in the wild and unless you're running the very latest version of Wordpress, you are at risk. Seriously at risk.

The vulnerability allowing the attack was discovered August 11 and was immediately fixed by the Wordpress team in the 2.8.4 security release. If you are using version 2.8.4 or better of Wordpress, or host your blog on Wordpress.com, you are safe.

The newly discovered worm is pretty sneaky to say the least. In a nutshell, it crawls the web looking for vulnerable Wordpress installations, makes itself an administrator account, takes full control of the website and posts malware and spam to it. It's also been reported that it will sometimes disable Defensio and other anti-spam plugins. It can be very hard to detect the new malicious administrator user since it hides itself from the users list using Javascript.

Bah... This stuff never happens to me!

If rock star blogger Robert Scoble can be hacked, you probably can as well. This vulnerability is serious, so please treat it as such.

Have I already been hacked?

As Lorelle VanFossen wrote on her blog:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER %5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
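The two clues above can be turned into a simple self-check. The script below is an added example and is not code from the original post, from Lorelle's blog, or from Defensio: it URL-decodes a list of permalinks and flags any that contain the `eval(` or `base64_decode(` keywords the post names, and it lists account names that are not in the set the site owner recognises. The permalink strings and user names are constructed sample data modelled on the quoted pattern, not values taken from a real site.

```python
import re
from urllib.parse import unquote

# Constructed sample permalinks, modelled on the string quoted in the post.
SAMPLE_PERMALINKS = [
    "http://example.com/category/post-title/",
    "http://example.com/category/post-title/"
    "%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "http://example.com/2009/09/another-post/",
]

# Constructed user list, as the site owner might read it from the Users page
# or the wp_users table. "Administrator (2)" is the name the post warns about.
SAMPLE_USERS = ["admin", "editor-jane", "Administrator (2)"]

# Accounts the (hypothetical) site owner created themselves; an assumption
# for the example, not taken from the post.
KNOWN_USERS = {"admin", "editor-jane"}

# The two keywords the post identifies, allowing for whitespace before "(".
SUSPICIOUS = re.compile(r"eval\s*\(|base64_decode\s*\(", re.IGNORECASE)


def url_decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so a doubly encoded payload is still seen.

    Stops early once decoding no longer changes the string.
    """
    current = text
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def flag_permalinks(permalinks):
    """Return the permalinks whose decoded form contains eval( or base64_decode(."""
    return [link for link in permalinks if SUSPICIOUS.search(url_decode_fully(link))]


def unknown_users(users, known):
    """Return account names that the site owner does not recognise."""
    return [user for user in users if user not in known]


if __name__ == "__main__":
    for link in flag_permalinks(SAMPLE_PERMALINKS):
        print("suspicious permalink:", link)
    for user in unknown_users(SAMPLE_USERS, KNOWN_USERS):
        print("unrecognised account:", user)
```

Because the post notes that the rogue account hides itself from the Users page with JavaScript, the user list fed to `unknown_users` is more trustworthy when it is read straight from the database rather than copied from the admin screen.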

How do I prevent my site from being targeted?

It's easy. Upgrade. If you are using a somewhat recent version of Wordpress (2.7+), upgrading is easy since the functionality is now built-in. But if you are not, you should take a look at the excellent InstantUpgrade plugin which makes upgrading Wordpress a single-click operation.

If you have already been hacked, you will need to delete the malicious admin user as well. Changing all your passwords is also strongly recommended.

You might also want to check out How to Keep Wordpress Secure and the My Site Was Hacked FAQ.

How can I keep my Wordpress blog safe in the future?

Wordpress is generally a safe platform. However, we recommend that you always use the latest and greatest version to make sure that all known security exploits are patched. You should also make sure that your passwords are not easily guessable, either by a human or a machine. A password of at least 8 characters which includes at least 1 uppercase, 1 lowercase and 1 digit is generally considered "strong". Following @defensio, @websenselabs and @wordpress on Twitter is also a good way to stay up to date.


23Jul/08

WordPress plugin upgrade

We just released a new version (1.6) of our WordPress plugin (get it here). It is a recommended update for everyone.

Many small things were improved and fixed, but the most interesting change is the better integration of the quarantine with WordPress 2.5 and up.

We've been testing this new release for some time, but if you have any problem with this update, please let us know.

Happy blogging!

21Jul/08

Now on GitHub and Lighthouse

Good news!

By popular request, we just started hosting our WordPress plugin code on GitHub!  You can now stay up-to-date with our development effort and even help us by implementing the features you want.

GitHub (and Git) make collaborating on software easy.  Everybody can now fork our plugin to implement new features or fix a bug.  We'll be happy to integrate any changes we feel will benefit other users.

If you're not that much of a coder, you can still help!  We definitely need people to test the freshly baked code you'll find at GitHub.

Our GitHub page is at http://github.com/defensio.  Oh... and if you don't know what Git is yet, you should definitely check out PeepCode's great video on the subject ($9, but worth every penny).

We have also created a ticket tracker at Lighthouse.  You can now submit your bugs or feature requests here: http://karabunga.lighthouseapp.com

Happy collaboration!

30Mar/08

Wordpress 2.5 is out, and we're ready!

After some delays, our friends at Automattic have finally released version 2.5 of their flagship product, Wordpress.  We've been watching their progress closely and making a few tweaks along the way. Today, I'm happy to announce that the latest version of the Defensio plugin works just fine with WP 2.5!

So upgrade without fear, we'll still be there.  Happy blogging!

10Mar/08

WordPress 2.5 support coming soon

As some of you might know, our friends at Automattic are planning to release version 2.5 of WordPress today. We've been getting a lot of emails about compatibility with the Defensio plugin.

At this moment, our plugin is not yet 100% compatible with WP 2.5. We have already started making the needed adjustments and we expect to release an update in the next few days. It might be wise to wait a couple of days before upgrading to 2.5.

We'll keep you posted here.