Friday, March 20, 2015

Why you should keep WordPress and WordPress plugins updated

Recently, several vulnerabilities have been found in popular plugins used on WordPress sites. The developers have been quick to release fixes, but in most cases site owners must update the plugin themselves to get the patch.

Some of the recent vulnerabilities found (and fixed) are:

Google Analytics plugin by Yoast:
A vulnerability in the plugin allowed an unauthenticated user to store JavaScript and HTML that is rendered in the WordPress dashboard (stored cross-site scripting). Script running in an administrator's browser session could then change the admin password or create a new administrator account. This was fixed by the Yoast team on March 19, 2015.
More details at
https://yoast.com/ga-plugin-security-update-more/

WordPress SEO plugin by Yoast

A CSRF flaw that led to blind SQL injection: by getting a logged-in author, editor or administrator to visit a crafted URL, an attacker could modify your database. A fix was released on March 11, 2015. The WordPress.org team pushed a forced automatic update, but if your site did not receive it, update the plugin manually.

More details at
https://yoast.com/wordpress-seo-security-release/

WPML vulnerability
Multiple vulnerabilities were found in WPML (used to create multilingual WordPress sites), including a serious SQL injection flaw that could allow an unauthenticated attacker to read the WordPress database, including user details and password hashes. The WPML team fixed this and released a patch on March 10, 2015.

More details at
http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites

Vulnerabilities have also recently been reported in plugins such as WooCommerce, WordPress Video Gallery and FancyBox for WordPress, to name a few. So it is best to keep your plugins updated, at least whenever a security patch is released, and to delete plugins you no longer use, since their files stay on the server even when deactivated.


Tuesday, May 21, 2013

How to preview a bitly shortened URL before actually clicking/visiting the site

Sites like Twitter restrict the length of posts, so you will often see shortened bitly links being shared.

Clicking a shortened link blindly is not always safe, since the destination is hidden (especially if you are not sure about the source). In that case you can use the methods below to first get an idea of where the link will take you.

1. Add a "+" sign at the end of the bitly address. For example, to check out
http://bit.ly/10RSmFM ,
just type
http://bit.ly/10RSmFM+
to see where it points.

2. Alternatively, type http://bit.ly/info/10RSmFM (i.e. insert "info/" between the host and the short code).

The same "+" trick works for Google's shortened URLs.
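To check a short link from a terminal instead of a browser, here is an added shell example (not part of the original post) that does two things: it builds the two bit.ly preview URLs from steps 1 and 2 above, and it asks any shortener for its redirect target using a HEAD request that does not follow redirects, so the destination server is never contacted. It assumes curl is installed; the example hostnames and the sample response headers used to exercise it are constructed.

```shell
#!/bin/sh
# Preview where a shortened link goes without visiting the destination.
# Added example; assumes curl is installed and that bit.ly's "+" and /info/
# preview pages behave as described in the post.

# Build the two bit.ly preview URLs from the post (steps 1 and 2).
# $1: a bit.ly link such as http://bit.ly/10RSmFM
# Prints two lines: the "+" form and the /info/ form.
bitly_preview_urls() {
    url="${1%/}"            # drop a trailing slash, if any
    code="${url##*/}"       # the short code after the last slash
    base="${url%/*}"        # scheme://host
    printf '%s\n' "${url}+" "${base}/info/${code}"
}

# Extract the redirect target from raw HTTP response headers read on stdin.
# Prints the Location value (CR stripped), or nothing if there is no redirect.
location_header() {
    tr -d '\r' | awk 'tolower($1) == "location:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Ask the shortener where it redirects WITHOUT following the redirect:
# curl -I sends a HEAD request and, with no -L, never fetches the target.
# Shorteners are often chained, so walk at most $2 hops (default 5) and
# print each hop; only the shortener hosts are ever contacted.
resolve_short_url() {
    url="$1"
    max="${2:-5}"
    hop=0
    while [ "$hop" -lt "$max" ]; do
        next=$(curl -sI --max-time 10 "$url" | location_header)
        [ -z "$next" ] && break
        printf '%s -> %s\n' "$url" "$next"
        url="$next"
        hop=$((hop + 1))
    done
    printf 'final: %s\n' "$url"
}

# Usage (needs network): resolve_short_url http://bit.ly/10RSmFM
```

Note that the HEAD request still reveals your IP address to the shortener and may be counted as a click, even though the final destination is not contacted. If a shortener refuses HEAD requests, replace `-I` with `-s -o /dev/null -D -` to issue a GET and dump only the headers; still leave out `-L` so the redirect is not followed.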

Monday, May 20, 2013

Slitaz: a pretty lightweight Linux distro

I needed to install a very minimal, lightweight Linux distro (one that could be downloaded and used quickly). I found one that was pretty small and easy to install.

This one is called Slitaz (www.slitaz.org).

The ISO file for installation is just 34.7 MB (it downloads quickly). Installation is also quick, and it is quite stable and fast. Here are the steps I followed to install it from USB, in case you need them.

Download the ISO from http://www.slitaz.org/ and verify its checksum against the one the project publishes before writing it to USB.

Follow the steps described for Ubuntu here to make a bootable USB: https://help.ubuntu.com/community/Installation/FromUSBStickQuick

Just remember to select "Slitaz" instead of an Ubuntu version in step 1 of Universal-USB-Installer.exe.

I found it useful since I needed a quick way to install it and check my files/backup data.