Worth mentioning (as I just installed it myself) that for those of us already familiar (and happy) with Google Authenticator, there's a free GA plugin for WP that seems to work just fine in v3.5 - http://wordpress.org/extend/plugins/google-authenticator/

Kind regards

Murray Crane


On 31 December 2012 16:05, Johnathon <kirrus@kirrus.co.uk> wrote:
It's worth enabling two-factor auth if you can. There are paid services/plugins you can use, a pretty decent one is from Duo security.

Sent from my mobile, apologies for brevity.

On 30 Dec 2012, at 23:47, Andy Smith <andy@bitfolk.com> wrote:

> Hello,
>
> On Sun, Dec 30, 2012 at 11:41:34PM +0000, Ian wrote:
>> Andy said:
>>> Upon further investigation it appeared that around 30th November one
>>> of the site's legitimate Wordpress admins had logged in from an
>>> unexpected place (a Tor exit node) and had uploaded a PHP file which
>>> appeared to enable full filesystem traversal, downloading of file
>>> content, shell command execution as Apache user, etc.
>>
>> Is this something that was uploaded to the WordPress
>> wp-content/upload directories or as a plugin / theme?
>
> It was uploaded as a plugin.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
> _______________________________________________
> users mailing list
> users@lists.bitfolk.com
> https://lists.bitfolk.com/mailman/listinfo/users

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users