This plugin hasn't been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

ICS Security Fixes

The plugin tries to fix known WordPress vulnerabilities for older WordPress versions. Warning: For PHP 5 only.

0.6.2

  • Added missing xmlrpc.php

0.6.1

  • Sends X-XSS-Protection header

0.6

  • WP 3.1: CSRF prevention in media uploader (r17659)
  • WP 2.6-3.1.2: Partial backport of r17710 (better than nothing)
  • Pre-3.1.1: Partial fix for #16892 (r17571)
  • Pre-3.1.3: Backported what I could (added sanitize_mime_type(), set filters to (pre_)post_guid, (pre_)post_mime_type)
  • Backported esc_url() and esc_url_raw() functions from WP 2.8
  • Added esc_url()/esc_url_raw() to the pre_comment_author_url, (pre_)user_url, (pre_)link_url, (pre_)link_image, (pre_)link_rss, comment_url filters
  • A lot of code has been rewritten
  • Pre-3.1.3: anti-clickjacking header (see HTTP Headers to Secure Your Website)
  • Fixed SEC-20110701-0

0.5

  • Backport of r17172 for wp-includes/formatting.php (affects 2.3.1-3.0.3; cannot be fixed in 2.3.0)

0.4

  • Backport of r17393, r17387, r17400, r17406 from 3.0.5.

0.3

  • First stable version (thanks to Sergey Biryukov for the patches)
  • SA23621 is partially fixed (it remains unfixed even in the current WP)
  • Hides versions of the used scripts and stylesheets
  • Due to numerous requests, the plugin hides All in One SEO Pack's version

0.2

  • Bug fixes
  • Forcefully sets the default CSS/JS version to 0.0 (by default it matches the WordPress version)

0.1

  • disables trackback/pingback whitelisting (fixed in 3.0.2, exists since 1.x)
  • tries to protect against SQL truncation attack during signup
  • stops SQL injection attack when processing trackbacks
  • CVE-2008-4769
  • closes old slug redirect vulnerability
  • tries to fix redirection bug to file:// and scp:// (you must have really old cURL if you are hit with this bug)
  • stops SQL injection attack in wp_insert_attachment()
  • stupid trick to fight the feed replacement vulnerability
  • PRNG attack protection
  • tries to fix 2.7.x/2.8.x admin remote code execution
  • fixes 2.5 Cookie Integrity Protection Vulnerability
  • fixes 2.5.1 reset password bug

Requires: 2.3 or higher
Compatible up to: 3.2.1
Last Updated: 2011-7-12
Downloads: 1,913

Ratings

5 out of 5 stars
