Bad Behavior Security Update Release
The most recent update for the Bad Behavior plugin contains security patches. These security updates address cross-site scripting and cross-site request forgery issues. For those of you not familiar with these types of exploits, please see below:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
As with all security-based updates, it is highly recommended that you download and update the Bad Behavior plugin as soon as possible. If you are managing multiple websites, consider using a plugin such as MainWP or a service such as ManageWP, either of which can make updating multiple sites much easier. Another option is the Auto Update plugin, which allows you to set plugins to update automatically when a new version is out. One issue is that the Auto Update plugin has not been updated for 8 months and is not yet fully tested with WordPress versions over 4.4.
Update: The Automatic Plugin Updates plugin is presently active and working with WordPress 4.6.
- Author: Michael Hampton
- Last Updated: 8-25-2016
- Requires: 3.5 or higher
- Compatible up to: 4.6
- Average 5-Star Rating: 4
Posted on August 25, 2016 by Michael Hampton
Bad Behavior 2.2.19 has been released. This is a security release affecting WordPress users, who should update as soon as possible.
The following changes have been made since 2.2.18:
- WordPress: In certain circumstances, a cross-site scripting attack was possible via the Bad Behavior Whitelist options page. This issue has been fixed.
- WordPress: Protection from cross-site request forgery (WordPress nonces) has been added to the Bad Behavior Whitelist and Bad Behavior Options pages. This covers cases where Bad Behavior’s built-in CSRF protection is disabled or ineffective.
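The two fixes listed above correspond to a common pattern for WordPress settings pages, shown here as an added example that is not Bad Behavior's own code: a nonce check before any state change, and escaping of stored values on output. The page slug, option name `example_whitelist`, nonce action `example_save_whitelist` and function name are hypothetical; the WordPress functions called are real core APIs.

```php
<?php
// Added illustration: a hypothetical whitelist settings page, not Bad Behavior's source.
// 'example_whitelist' and 'example_save_whitelist' are made-up names for this example.

add_action( 'admin_menu', function () {
    add_options_page( 'Example Whitelist', 'Example Whitelist', 'manage_options',
        'example-whitelist', 'example_whitelist_page' );
} );

function example_whitelist_page() {
    // Authorization: only administrators may view or change the setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to access this page.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // CSRF: stops the request unless it carries a valid nonce for this action,
        // so a form on another site cannot change the setting with the admin's session.
        check_admin_referer( 'example_save_whitelist' );

        $raw = ( isset( $_POST['whitelist'] ) && is_string( $_POST['whitelist'] ) )
            ? wp_unslash( $_POST['whitelist'] ) : '';
        $entries = array();
        foreach ( preg_split( '/\R/', $raw ) as $line ) {
            $line = sanitize_text_field( $line ); // strips tags and control characters
            if ( '' !== $line ) {
                $entries[] = $line;
            }
        }
        update_option( 'example_whitelist', $entries );
    }

    $saved = (array) get_option( 'example_whitelist', array() );
    ?>
    <div class="wrap">
      <h1><?php echo esc_html__( 'Example Whitelist' ); ?></h1>
      <form method="post">
        <?php wp_nonce_field( 'example_save_whitelist' ); // emits the hidden _wpnonce field ?>
        <textarea name="whitelist" rows="8" cols="60"><?php
            // XSS: escape on output, even though the value was sanitized on input.
            echo esc_textarea( implode( "\n", $saved ) );
        ?></textarea>
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

Escaping at output matters independently of input sanitization, because the option may already hold values written before the check existed or by other code.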
Posted on January 13, 2016 by Michael Hampton
Bad Behavior 2.2.18 has been released. This is a maintenance release and is recommended for all users.
The following changes have been made since 2.2.17:
- A new IP address range is in use by the Bing search engine; this range has been added to Bad Behavior.
Just as a reminder, if you use CloudFlare on your site, you must enable the Reverse Proxy option in Bad Behavior’s settings, or many of your visitors and search engines will be blocked.