
9rules Official Blog » Blog Archive » Securing your WordPress site


Securing your WordPress site

Written by Tyme White on July 9, 2008

Reading the 9rules member feeds, I came across an article by Brajeshwar that I think everyone can benefit from. He describes how he found foreign code in the header file:

I woke up today morning to find that my site feed wasn’t validating and the XMLRPC was not responding when I tried to update MarsEdit. Upon doing a quick “View Source” I found a foreign code lodged on top of my site’s header. I knew instantly that it shouldn’t be there and that something is wrong.

Brajeshwar uses his own theme, so he knew that code didn’t belong there. For the average WordPress user, viewing the source code would be like trying to understand a language he or she does not speak. An example: of those who drive, how many can fix their car if it breaks? Mechanics can, but most people have to take the car in to be repaired. The same is true of a blog: many people use blogging tools, but if something goes wrong they are unable to diagnose and resolve the issue.

Brajeshwar gives an easy-to-follow guide to the steps he used to secure his site, even sharing the code for an .htaccess file that prevents comment spam by denying access to no-referrer requests. Take a moment and read the article. You might learn something.
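A rule of the kind described above, written here as an added example (it is not Brajeshwar's code and does not come from his article). It assumes Apache with mod_rewrite enabled and WordPress's standard wp-comments-post.php handler; example.com is a placeholder for the site's own hostname.

```apache
# .htaccess in the WordPress document root (added example; requires mod_rewrite)
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Apply only to comment submissions: POST requests to the comment handler.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$

    # Deny when no Referer header was sent at all ...
    RewriteCond %{HTTP_REFERER} ^$ [OR]
    # ... or when the Referer is not a page on this site.
    # example.com is a placeholder: replace it with your own hostname.
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]

    # Answer matching requests with 403 Forbidden and stop processing.
    RewriteRule ^ - [F]
</IfModule>
```

The Referer header is supplied by the client, so this only filters bots that post straight to the handler without setting it. Visitors whose browser or proxy strips the Referer will also get a 403 when they try to comment.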

This article isn’t about WordPress being unsafe because, honestly, all scripts will have vulnerabilities from time to time. Pay more attention to how quickly the company patches security issues and informs its user base. When a patch is released, update your scripts as soon as possible.

This article is about paying more attention to your site than just posting entries. This is a situation the average user wouldn’t notice without looking for it. Just like a lawn has to be cared for in order to maintain it, your blog needs attention if your content is to remain safe, no matter what content management system you are using.