September 8, 2009
There have (unsurprisingly) been a lot of blog posts written in the last few days about WordPress security and what you can do to keep your blog safe from hackers. I'll be chucking my own twopennorth in shortly, but for now, I want to look at one of the recommendations in more detail: "get rid of the user called 'admin'". This is a pretty sensible piece of advice. On most WP installs, "admin"... Read more
September 5, 2009
Lorelle has news that older versions of WordPress are being attacked. Symptoms include:
- odd additions to permalinks - "eval" and "base64_decode". Your blog's permalinks will no longer work.
- a new administrator account, perhaps named Administrator (2), created but not by you. This can happen even if registration is turned off on your blog.

If you haven't upgraded, DO IT NOW. As of... Read more
August 12, 2009
There's a new release of WordPress available this morning: 2.8.4 is labelled a security release, so you should upgrade as soon as possible. If there's not a link on your dashboard, you can upgrade automatically through Tools > Upgrade. A word also about what this upgrade is for. Late yesterday (if you're in my time zone), a vulnerability was discovered: it was possible to generate a new... Read more
July 20, 2009
Hot on the heels of 2.8.1, WordPress version 2.8.2 was released this morning to fix an XSS vulnerability which could have been exploited to direct authors away from their admin sections to another site. If it's not there already, over the next few hours a link to upgrade should appear on your WordPress dashboard: not everyone sees it at once, but when you do, please click it. If you're... Read more