Just 3 hours ago, WordPress released the latest security upgrade for StrayHorn v1.5.1.3 . Go ahead an upgrade your blogs.
After the recent security breach of PCIJ’s blog, I believe that bloggers will be more aware of the importance of regularly updating their web softwares. Along with WP, PHPNuke and PhpBB are two of the most widely exploited web apps. WP is quick in releasing patches and updates, while phpBB (now v2.0.16) regularly releases new updates as well.
Anyone who knows about the vulnerability can easily exploit them and your site might just be the unlucky target. PCIJ is still lucky the script-kiddie (not a hacker as popularly dubbed) only had limited access to their hosting account and logged in thru a WP hole, otherwise he/she could have wiped out all the files.
Please visit this Porn Search Engine to search for movies and pictures.
Here’s an in-depth dissection of the changes in WP 1.5.1.3: http://elliottback.com/wp/archives/2005/06/29/wordpress-153-security-fixes/
Only 4 core files were changed:
xmlrpc.php
wp-admin/post.php
wp-includes/functions-post.php
wp-includes/version.php
How about asking the WP guys to allow placing of their WP includes outside of public_html? Hmm…
install Apache mod_security if you can.
i upgraded pero I can’t see the diff.
@ hoop
Now that you mentioned it… ;) :D
probably. but it can be helped always.
I think it would be best practice to add a web directory password for the wp-admin folder. Would in effect add another security layer to the site.
Just upgraded myself… :D
@Jaypee, someone got a user level to enable them to post an entry. That’s all that was done actually.
Thanks Yuga!
Just updated my blog.
Followed this link to upgrade from 1.5.1.2 to 1.5.1.3
Salamat sa update. Ano nangyari sa blog ng PCIJ? nadelete ang ibang files? na vandalize ba? :D