Gilbert Verdian – I Secure Enterprises

Entries from March 2007

WordPress 2.1.2 Authentication Information Disclosure

Found a disclosure during authentication to a blog for version 2.1.2. When a person logs in with the wrong username into /wp-admin, the error message states “ERROR: Incorrect username”. Whereas if you enter the correct username and the wrong password, you get the following. The problem is that WordPress is disclosing that that username [...]

Categories: security

Why having different web functions on the one box is a bad idea

Sometimes security is ignored due to timelines, money, politics etc… I recently had to explain why having different web functions on the one physical box is a bad idea… – Good security practice recommends separating and segregating different functions, especially in a web environment, to different systems – Being on different systems, access can be [...]

Categories: Uncategorized
