Disqus WordPress Plugin Vulnerability

This content is 5 years old. Technology changes with time. Keep that in mind as you read this article.

A vulnerability has been discovered in the Disqus plugin for WordPress allowing for Remote Code Execution. The Disqus plugin is used on nearly 2 million WordPress blogs.

Who is Vulnerable?

A remote attacker could execute code remotely when all of the following software versions are in use:

  • PHP <= 5.1.6
  • WordPress <= 3.1.4
  • Disqus Plugin <= 2.75

How it Works

A specially crafted comment on a WordPress post, such as {${phpinfo()}}, followed by opening the comment synchronization URL http://www.example.com/?cf_action=sync_comments&post_id=TARGET_POST_ID, is all that is needed to execute remote code.
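A defensive check for the two-step pattern described above, as an added example that is not part of the original article or of the Disqus plugin: it flags stored comments containing PHP `${...}` interpolation with a function call and correlates them with access-log requests to the `cf_action=sync_comments` URL. The comment tuples, log lines and the regular expressions are constructed assumptions; adapt the log pattern to your server's format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic (assumption): "${" followed by a function call, as in {${phpinfo()}}.
PHP_INTERP = re.compile(r"\$\{[^{}]*\(")

# Client IP and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_comments(comments):
    """Return the post ids whose comments contain PHP interpolation syntax."""
    return {post_id for post_id, body in comments if PHP_INTERP.search(body)}

def sync_requests(log_lines):
    """Yield (client_ip, post_id) for requests that trigger comment sync."""
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(2)).query)
        if query.get("cf_action") == ["sync_comments"]:
            yield m.group(1), query.get("post_id", [""])[0]

def correlate(comments, log_lines):
    """Sync requests that targeted a post carrying a suspicious comment."""
    flagged = suspicious_comments(comments)
    return sorted({(ip, pid) for ip, pid in sync_requests(log_lines) if pid in flagged})

# Constructed sample data: (post_id, comment body) pairs and access log lines.
COMMENTS = [
    ("42", "Nice post, thanks!"),
    ("57", "{${phpinfo()}}"),
    ("58", "The upgrade costs ${5} more"),
]
LOG = [
    '203.0.113.9 - - [01/Jan/2000:10:00:00 +0000] "GET /?cf_action=sync_comments&post_id=57 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2000:10:00:05 +0000] "GET /?p=57 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /?cf_action=sync_comments&post_id=42 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, post_id in correlate(COMMENTS, LOG):
        print(f"review: {ip} requested comment sync for post {post_id}")
```

A hit means the sync URL was requested for a post that holds a suspicious comment; on a site that matched the vulnerable versions listed above, treat it as a reason to review that host and its comments.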

How do I Fix It?

Log into your WordPress administration panel and update the Disqus plugin.

Make sure PHP is up-to-date with the latest version.

Feeling Blue


I’m not really feeling blue. Blue just happens to be my favorite color. When someone asks me, “Rich, what is your favorite color?”, I respond with #336699.

You’ll notice I have been working on the website color.  This is a child theme I’m creating based on the WordPress Twenty Twelve theme.  So far, I’m liking it.  I have not decided which colors to use for link hover — it is red for now.

Add a Login/Logout Menu Item to WordPress Navigation Menu

This content is 6 years old. Technology changes with time. Keep that in mind as you read this article.

This will add a Login or Logout (depending on state) to your WordPress navigation menu. I have one on mine now; makes it easy to quickly log in/out to test things.

Put the following in your child theme’s custom functions PHP file.

// Append a Log In or Log Out link (depending on state) to the navigation menu.
add_filter( 'wp_nav_menu_items', 'add_loginout_link', 10, 2 );
function add_loginout_link( $items, $args ) {
    // Escape each URL before placing it in the href attribute.
    if ( is_user_logged_in() ) {
        $items .= '<li><a href="' . esc_url( wp_logout_url() ) . '">Log Out</a></li>';
    } else {
        $items .= '<li><a href="' . esc_url( site_url( 'wp-login.php' ) ) . '">Log In</a></li>';
    }
    return $items;
}

Portable WordPress

This content is 7 years old. Technology changes with time. Keep that in mind as you read this article.

Here is an all-in-one solution for a portable WordPress.  The creator packs MySQL, PHP, Apache and WordPress together and allows you to drop this folder onto a thumbdrive or network share, etc.  It’s nice and small (<30MB) and works well.

WordPress Portable:  http://wordpress-portable.webnode.com/

It also gives you a system tray icon with a right click context menu.
