Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Templates have Vulnerabilities?


  • Please log in to reply
1 reply to this topic

#1 WhightKnight

WhightKnight

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 08 March 2013 - 02:53 PM

I am attempting to secure my website running WordPress on it. I am interested in keeping the website as secure as possible. To do this, I plan on updating WordPress as soon as new patches come out. I also plan on regularly updating modules because I know that they too can have vulnerabilities.

 

My question is do I have to worry about vulnerabilities within WordPress themes. Are there ways to exploit a website by holes in the coding of a specific type of template/theme?

 

Thank you.



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:54 PM

Posted 08 March 2013 - 03:54 PM

WordPress Themes can contain code (.php files), thus in theory they can contain bugs that are vulnerabilities.

 

FYI: I host my blog (http://blog.didierstevens.com) on wordpress.com. It is free and I don't have to update it, Wordpress does that for me.

I do pay a yearly fee of around $30 to make my blog accessible via blog.didierstevens.com (otherwise it would be only accessible via didierstevens.wordpress.com).


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users