Comments on: WP Blogsecurify http://www.gnucitizen.org/blog/wp-blogsecurify/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Featured Plugins for October | Word Press Magazine http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-127631 Featured Plugins for October | Word Press Magazine Thu, 16 Jul 2009 18:42:10 +0000 https://www.gnucitizen.org/?p=1675#comment-127631 [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...] [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...]

]]> By: Featured Plugins for October | Mamma Mac.com http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124335 Featured Plugins for October | Mamma Mac.com Fri, 14 Nov 2008 07:18:21 +0000 https://www.gnucitizen.org/?p=1675#comment-124335 [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...] [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...]

]]> By: Featured Plugins for October — WPCandy — WordPress Themes, Plugins, Tips, and Tricks http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124243 Featured Plugins for October — WPCandy — WordPress Themes, Plugins, Tips, and Tricks Fri, 31 Oct 2008 10:09:32 +0000 https://www.gnucitizen.org/?p=1675#comment-124243 [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...] [...] WP Blogsecurify 1.0 is a security plugin for WordPress designed to integrate several simple but important security patches for the popular blogging platform. [...]

]]> By: pdp http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124174 pdp Mon, 27 Oct 2008 10:12:38 +0000 https://www.gnucitizen.org/?p=1675#comment-124174 Hi Martin, The plugin does a few things. First of all, it detects whether you want to authenticate or you are already authenticated. If yes, then it forces you over SSL. Underneath it is a bit more tricky. The plugin tries to guarantee that no matter what you do, your session identifiers never get sent over an unencrypted channel. The plugin uses its own cookies to keep your session state when browsing your site while authenticated. This mechanism preserves your user experience while enforcing extra security. In case of XSS, httpOnly is enabled to prevent damages. This only prevents session hijacking attacks though. The plugin is coded in very clear fashion. It is easy to understand once you have a look at what it is inside. Hi Martin,

The plugin does a few things. First of all, it detects whether you want to authenticate or you are already authenticated. If yes, then it forces you over SSL. Underneath it is a bit more tricky. The plugin tries to guarantee that no matter what you do, your session identifiers never get sent over an unencrypted channel. The plugin uses its own cookies to keep your session state when browsing your site while authenticated. This mechanism preserves your user experience while enforcing extra security. In case of XSS, httpOnly is enabled to prevent damages. This only prevents session hijacking attacks though.

The plugin is coded in very clear fashion. It is easy to understand once you have a look at what it is inside.

]]> By: MartinJ http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124173 MartinJ Mon, 27 Oct 2008 09:27:32 +0000 https://www.gnucitizen.org/?p=1675#comment-124173 Out of curiosity: How does the promised protection against session hijacking work? http_only? Out of curiosity: How does the promised protection against session hijacking work? http_only?

]]> By: ehmo http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124170 ehmo Sun, 26 Oct 2008 12:54:29 +0000 https://www.gnucitizen.org/?p=1675#comment-124170 hey, i'm sceptic. so far as i know, mostly blogs running on hostings, which don't have ssl connection allowed. i don't think that this is a good way. i've some others ideas, which will protect ppl, but will not bounds them. but good job anyway. hey, i’m sceptic. so far as i know, mostly blogs running on hostings, which don’t have ssl connection allowed. i don’t think that this is a good way. i’ve some others ideas, which will protect ppl, but will not bounds them.

but good job anyway.

]]> By: dian http://www.gnucitizen.org/blog/wp-blogsecurify/comment-page-1/#comment-124168 dian Sun, 26 Oct 2008 12:35:10 +0000 https://www.gnucitizen.org/?p=1675#comment-124168 i've been reading your site along time, this one i'm goin to use it in my site after wordpress 2.7 comes out. Thx for the tips guys :) i’ve been reading your site along time, this one i’m goin to use it in my site after wordpress 2.7 comes out. Thx for the tips guys :)

]]>