mwhoyle

The most common attacks against a WordPress blog usually fall into two categories.

1. Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software.
2. Attempting to gain access to your blog by using “brute-force” password guessing.

The ultimate implementation of this “second layer” password protection is to require an HTTPS SSL encrypted connection for administration, so that all communication and sensitive data is encrypted.

Pam, one can also edit the plugin code from the WordPress Dashboard accessible to administrators.

Here’s a brief overview: http://codex.wordpress.org/Plugins_Editor_Screen

If you can create a post using the Dashboard, you should be able to handle this, too, I think. Line 160 reads

unset($plugins->active[ array_search( $basename, $plugins->active ) ] );

Just put two forward-slashes in front of it…

// unset($plugins->active[ array_search( $basename, $plugins->active ) ] );

And then click the Update File button at the bottom of the page.

Don’t mean to sound critical. (really) Just noticed that.

Jeremy, can you clarify what you mean by “all registered users with publishing privileges” in your previous post? Does that mean all users with privileges on the WordPress site in question?

We have a WordPress site and are trying to get the post-by-email feature of JetPack working, too. I have an account on WordPress.com and was able to enable JetPack on our site and generate a publishing-by-email email address, but it seems I’m the only one who can use it. Or is that behavior by design?

Thanks for the help. WordPress rocks.

Matt Hoyle