[chris-allen-lane.com] Programming | Security | DIY

Tag: wordpress

A Clever Spam Delivery Mechanism

This week a client forwarded me a spam email he received that I thought was interesting. It is reproduced below, with sensitive information and spam links redacted out:

A Payload Dump from a Malfunctioning Wordpress Spam Bot

I stumbled onto this comment in a client's Wordpress database, and thought it was interesting. It looks like a spam bot malfunctioned and output all of (or at least, a large portion of) its comments. They are reproduced below:

Deploying Wordpress: Syncing Files in a Multi-Server Installation

Recently, some of my company's WordPress sites have become so popular that I chose to migrate them onto a multiple-webserver deployment system in order to keep up with the traffic. I encountered some interesting challenges while setting this up, so I figured I'd document them here.

Introducing "Foresight" - A Wordpress Security Plugin

I recently published a new plugin to the Wordpress.org Plugins Directory. I call it Foresight. It is available for download here:

http://wordpress.org/extend/plugins/foresight/

Foresight is a simple plugin that serves a simple purpose: it helps blog administrators to stay current on known exploits for Wordpress and for Wordpress plugins.

Making Wordpress Domain-agnostic

I like Wordpress a lot. It's one of my favorite open-source projects, and I use it often for both my professional and personal projects. It's been my go-to web development framework for a number of years now.

There's one thing I don't like about Wordpress, though: the domain to which a Wordpress site is deployed is saved as a setting in its database. I don't think that was a good design decision, because it makes it painful to move a Wordpress site from one domain to another. This shortcoming is especially evident if you're trying to develop a Wordpress site on one domain, but would like to deploy to another. (For example, I always set up my local sandbox such that the WIP lives at example.dev, while deployments are pushed to example.com). I really wish Wordpress had been designed to path against its own document root, much like MediaWiki (another great piece of web software).

A while ago, though, I came up with a little hack to make Wordpress do exactly that.

Older Posts »