scriptygoddess

07 Dec, 2004

WP security bug

Posted by: Jennifer In: WordPress: Lessons Learned

There's a pretty serious security bug with WP 1.2.1 (and the current 1.3 alpha), one that can make it so your blog is basically unusable (not permanently, as far as I can tell) but still – if you're using WordPress you should probably make this change.

In any case, here is how you fix the problem. It's a very easy fix. If you can search for text on a page, you can fix this problem.

I hesitated posting this, because I don't want to "start a panic" – nor do I want to give instructions on how to hack WP blogs. But I do think it's important that people go ahead and make this change.

[brought to my attention by Christine]

5 Responses to "WP security bug"

1 | snapping links » assorted

December 8th, 2004 at 4:42 pm

[…] the RSS feed for APOD (I've been hoping there was something like that out there.) something more to do really slick screensavers (open source, OpenGL […]

2 | Shelagh

December 8th, 2004 at 12:44 am

Thanks for the heads up :)

3 | Christine

December 8th, 2004 at 2:06 am

If something goes wrong, it can be fixed and usable again; it requires knowledge of PHPMyAdmin to go into the database to fix the URL. Then everything should work again just fine.

4 | Mark J

December 8th, 2004 at 4:26 am

This isn't a severe site breach, so I don't have a problem with notifying everyone. If this were a more serious bug, then I'd use caution. But all it really does is make your site ugly and quasi-functional, and there is no loss of data.

5 | marcus' scrappad

December 9th, 2004 at 6:59 pm

WordPress bug
Just saw that scriptygoddess posted about it, too. I first read about the bug in this post, but didn't think much of it. Until three days later my site was broken. I grepped through the log file to see what had happened, and found the guy who did it. …
