I’m working on a project and am doing some research thanks

Unlike what most think.. The internet was not just created in 1995 or so .. The internet has existed since the early 60’s, it just was not in the general public then..

Even AOL has a copyright of 1986 and eWorld (Macintosh online service) was there before AOL and as a matter fact AOL bought it out in I think it was 1994.

James

Well over 100 customers are very happy that they purchased my WP Secured solution..

Fact is updating means nothing, the code is not encrypted and hackers have access to the code just like you do..

If you change how wordpress functions then it is very obvious that hackers can not hack it as they will have no idea what changes you made.

The past five years has seen the popularity of blogs grow in their use and as a means of making money. That’s the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

Hackers recently discovered that WordPress Blogs featured an easy path for them to cause their trouble. Many WordPress Blog owners have had their blogs hijacked in a variety of ways. They’ve found ads on their WordPress Blogs that they didn’t place there. Others have discovered that when someone clicks a search engine link to be taken to their WordPress Blog they’re instead taken to a totally different page full of ads that are often obscene and featuring computer viruses.

Think about it ….

James

Clearly lacks any knowledge/experience of auditing code to find a vulnerability, then creating a custom exploit for that vulnerability, creating an agent to carry the exploit payload across Internet Protocols recognized by the target (blog on HTTP), and finally delivering and executing the payload.

It’s quite nearly impossible to “fake” an IP address, read anything about IP protocols and Kevin Mitnick to get a clue.

Updating your WP is the single best thing you can do… because exploits are custom built to exploit vulnerabilities in OLD versions. Once an exploit is made public, through honeypots, active logging, etc.. WP releases an update. See “Open Source” for basic background on how this works.

No offense James, you’ve put some effort and thought into your suggestions but without understanding what an exploit is and how a server/web app/system operates you’ll just be wasting your time.

I’d liken your ideas to this scenario.. A user spends a lot of time creating a custom password-login-prompt that is loaded every time a user wants to login to the admin panel.

Seems secure..

[ request admin ] => [ password prompt ]

But thats completely misleading. Here’s how the request really travels.

[ request admin ] ==> [ protocol setup OS-dependent ] ==> [ server finds requested file ] ==> [ server determines how to "handle" file (php) ] ==> [ server executes php binary or module ] ==> [ php opens file according to php config ] ==> [ requested file parsed by php ] ==> [ php includes wp-config.php to access database ] ==> [ php sends output/headers on tcp/ip connection established by server app ] ==> [ finally your password-protection is loaded and executed ]

Now that is entirely over-simplified, and you can see that there are around 15 different points in-between when the request is sent to the server and when the password-protection actually starts. All it would take is modifying file permissions, changing wp-config.php info, modifying how the server “handles” php, executing a OS-level/Server-level/Protocol-level/Application-level exploit and all that so-called “security” is completely circumvented.