WordPress is the least vulnerable CMS • WordPress Help

According to a recent study conducted with BlindElephant a tool of Qualys, to determine the vulnerability of the most popular Open Source software, WordPress resulted in these analyzes the CMS with the least critical vulnerabilities

In the study, in addition to finding that, although they scare the figures a bit, Open Source software is no more insecure than proprietary software despite not having technical equipment dedicated to keeping them for "his clients", the difference that marks WordPress was evident, do we see it?

The tool, of all the analyzed sites, found vulnerabilities in the …

WordPress only showed a 4% of critical vulnerabilities and a 21.5% of average vulnerabilities

It has also been clear in the study that the vulnerabilities found in WordPress affected the old versions, the current ones being the safest and stables. So you already know to update WordPress!

WordPress Wiki Plugin – WordPress Help

As it seems that the development of Blicki is more dead than alive, the people of Instinct have created a plugin for Wiki for WordPress . So you will not need in many cases to use integrations of WordPress and MediaWiki for example.

If you install this plugin you can add the possibility of assigning to a page or post of your WordPress blog the functionality of it " editable as a wiki "

To install it you do not have to do anything special, just upload it to the folder ' wp-content / plugins / ' and activate it, then you'll see the new one box that commented before. Do you dare to try it and tell us what, you can [download] here .

Multiple (WordPress + bbPress + MediaWiki) in one • WordPress Help

 WordPress + bbPress + Mediawiki

Imagine that we are in this situation:

We have a collaborative website (wiki type) multi-language , each language is in a subdomain, each of these subdomains has its portal made with WordPress, its forums with bbPress and its wikis with MediaWiki, an extra to share the files (like the Wikimedia Commons) and we want users and cookies be unified, integrated.

Okay, it seems a bit far fetched, but it's possible. But I notice that this article is quite extensive and maybe heavy.

So, with what we have seen, we are going to integrate the following:

Of course, the amount may be greater, but I explain it this way because it is what I use.

This tutorial also helps if you do not want to integrate with MediaWiki, so you can leave it early


To start, do the two installations of WordPress ((Better that they are in the same database, to make things easier and because I have not found any way to do it with different databases)).

Very important : For the integration of cookies to work correctly, especially in the integration with bbPress, the facilities should be in different subdomains but with identical directory names.

You need to add the " Authentication unique keys "((For security and to improve integration)). Make them equal between blogs, not between them, and then get to unify cookies. This is quite important. The key NONCE_KEY of each installation should be different. You can use the automatic generator that the creators of WordPress put at your disposal.

And I feel heavy, but remember to put the same keys between the blogs, not between them, and put the NONCE_KEY different, for safety.

Once you have done this, decide which of the two installations will be the main one (for example, the one with the prefix " wp1_ ") and the secondary one ( in this case, " wp2_ "). Now, let's edit the file wp-config.php the latter. After the definition of the prefix of the tables, it is necessary to add:

To make things easier, it is not necessary to share the usermeta table, because if you do you must add a few things so as not to lose administrative access to the second blog. The only good thing about joining them is that the name to be shown, if it is different from the user name, will be updated in all the installations. It also helps you, to share it, to have all the user permissions together, but since it is only a visual thing in case you access the BD, better not to touch it ((I have put it together, I admit it.) But it has given me a few problems By the way, I also recommend, once made these changes, follow the tutorial that ejner69 did about Change the name to the user admin to be able to have the username you want.

What is missing now is to integrate the cookies completely. This is something more to understand depending on how you have mounted the shed (subdomains, databases, etc.). I have it so beautiful that it took me three days to get it.

To encrypt the login data, WordPress uses, apart from the keys AUTH_KEY SECURE_AUTH_KEY and LOGGED_IN_KEY other random and unique keys generated during installation calls AUTH_SALT and LOGGED_IN_SALT (and SECURE_AUTH_COOKIE if you use an SSL connection) and that saves them in the database. With this in mind, it seems that it can be difficult to integrate everything, but it is not so. You just have to define them in the wp-config.php of each installation to be the same.

As if you use subdomains within the same domain, the names of the cookies will also be different, because they are put into use of the subdomain, in the end you better do something like this:

Where it says numerosyminusculas put the same thing in three. The most recommendable is, for example, the hash md5 of the domain of your web or the hash md5 of a random sentence ((You can generate those hashes using this online tool )). This is simply to give them a unique name that does not bother the cookies of other websites.

Now you can try and log in to the installation you want and access the other. You will see that the session is also started. Keep in mind that the user's password will be what you have in the installation of the shared table, logically. If you try to close session, you will see that it also closes in both


Here we must pay special attention in the installation if we want to make it easier. For starters, I recommend that you add the translation file that Fernando has made in the folder / bb-includes / languages ​​. Once you've done it, it's as easy as accessing the URL where the forum will be and choosing es_ES from the drop-down list. Then, Let's go to it! .

We fill in the configuration of the database and continue with the installation as if you were not going to integrate WordPress. In this case, you can put the bbPress installations in databases other than WordPress. Even different from each other.

Very important : Within the security codes, you must put the same as in the installation of the WordPress, except the NONCE ]which should be different for security.

Once we get to the page to choose the username, put it the same as the WordPress installation. If you have not changed it, put admin .

And do the same for the second forum. Keep in mind that the cookies will only work if they are in different subdomains but in folders with the same name that I spent a lot of time trying not to, but it is.

Now there's to edit the file bb-config.php of each installation. Add before ?> :