이 플러그인은 최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다. 워드프레스의 좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 있을 수 있습니다.

ICS Security Fixes

설명

Like any other software WordPress does have bugs and security vulnerabilities. They get fixed when the developers become aware of them.
However, sometimes several WordPress releases are vulnerable. The problem is that the developers do not backport security updates to older WordPress releases.
As a result, those who do not want to upgrade their WordPress installations (for example, because newer WP releases tend to consume more system resources and
upgrade may result in having to use more expensive hosting) remain vulnerable.

ICS Security Fixes is the plugin for those who do not upgrade their WordPress: the plugin tries to fix known WordPress vulnerabilities
at that remaining compatible with as many old WordPress releases as possible.
And though it cannot fix all known vulnerabilities, it makes older WordPress installations more secure.

Warning

This plugins requires that PHP 5 be installed. PHP 4 is not supported.

설치

  1. Upload ics-security-fixes folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Have fun 🙂

FAQ

None yet. Be the first to ask.

후기

이 플러그인에 대한 평가가 없습니다.

기여자 & 개발자

“ICS Security Fixes”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에 기여하였습니다.

기여자

자국어로 “ICS Security Fixes”(을)를 번역하세요.

개발에 관심이 있으십니까?

코드 탐색하기는, SVN 저장소를 확인하시거나, 개발 기록RSS로 구독하세요.

변경이력

0.6.2

  • Added missing xmlrpc.php

0.6.1

  • Sends X-XSS-Protection header

0.6

  • WP 3.1: CSRF prevention in media uploader (r17659)
  • WP 2.6-3.1.2: Partial backport of r17710 (better than nothing)
  • Pre-3.1.1: Partial fix for #16892 (r17571)
  • Pre-3.1.3: Backported what I could (added sanitize_mime_type(), set filters to (pre_)post_guid, (pre_)post_mime_type)
  • Backported esc_url() and esc_url_raw() functions from WP 2.8
  • Added esc_url(raw) to pre_comment_author_url, (pre)user_url, (pre_)link_url, (pre_)link_image, (pre_)link_rss, comment_url filters
  • A lot of code has been rewritten
  • Pre-3.1.3: anti-clickjacking header (see HTTP Headers to Secure Your Website)
  • Fixed SEC-20110701-0

0.5

  • Backport of r17172 for wp-includes/formatting.php (affects 2.3.1-3.0.3; cannot be fixed in 2.3.0)

0.4

  • Backport of r17393, r17387, r17400, r17406 from 3.0.5.

0.3

  • First stable version (thanks to Sergey Biryukov) for the patches
  • SA23621 is partially fixed (it remains not fixed even in the current WP)
  • Hides versions of the used scripts and stylesheets
  • Due to numerous requests, the plugin hides All in One SEO Pack’s version

0.2

  • Bug fixes
  • Forcefully sets the default CSS/JS version to 0.0 (by default it matches the WordPress version)

0.1

  • disables trackback/pingback whitelisting (fixed in 3.0.2, exists since 1.x)
  • tries to protect against SQL truncation attack during signup
  • stops SQL injection attack when processing trackbacks
  • CVE-2008-4769
  • closes old slug redirect vulnerability
  • tries to fix redirection bug to file:// and scp:// (you must have really old cURL if you are hit with this bug)
  • stops SQL injection attack in wp_insert_attachment()
  • stupid trick to fight the feed replacement vulnerability
  • PRNG attack protection;
  • tries to fix 2.7.x/2.8.x admin remote code execution
  • fixes 2.5 Cookie Integrity Protection Vulnerability
  • fixes 2.5.1 reset password bug