
Following yesterday's security announcement for WordPress, a freely available exploit has been published on milw0rm. What this means is... if you haven't upgraded, DO IT NOW, as the number of attacks will go up very quickly.

If you look through the exploit you can see that it takes advantage of existing user accounts, so a further security option is to disable the "anyone can register" option (if it is on and you don't need it): within the WordPress admin, click Options -> General and untick the box.

Note the exploit mentions that it hasn't been tested on the 2.0.x series, but bear in mind that the WordPress team updated both trees, so the chances are it will work. Both 2.1.x and 2.0.x users should upgrade.



Nick Bettison ©