Archive for the ‘security’ Category

Tightening Akismet Anti-Spam

Akismet Anti SPAM AddOn/Hack [Archive] – Pixelpost Forum: “This is not a true addon and needs core files to tbe changed a bit – do it only if you know what you are doing.”

WordPress PassWord Security

There’s more to this than I can say; I’m really not up to speed on this issue. But this post raises some of the most important points.

Paj’s Home: Cryptography: JavaScript MD5: Login System (see also CHAP Secure Login):

“The core of the login system is a “challenge response” exchange. The server generates a random number – the challenge – and sends this to the client. The client performs a hash operation including both the challenge and the password, and returns the result to the server. The server checks this against its own calculation. During this exchange, the password is never transmitted as plaintext. Replay attacks are prevented because the challenge is different every time.”

Also of interest: technosailor’s WordPress FAQ series