Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Wordpress Site Hacked - Upgrade to WordPress 2.8.4

  1. #11
    This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.
    Submit new proxies -

  2. #12
    Join Date
    Feb 2009
    Location
    Queensland, Australia.
    Posts
    90
    Quote Originally Posted by dollar View Post
    This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.
    It's ok if you have the know how and the time to program it, but really for very small projects it's just easier to just set up wordpress and secure the backend by using a few plugins and changing a few things manually.
    My Awesome Signature is awesome...

  3. #13
    The AskApache is a good / easy way of implementing an additional layer of WP security
    Password Protect your Blog with Apache .htaccess and .htpasswd
    Sound Unsound is a music forum for Unsigned Artists, Dj's and Producers
    Others: PDA and Smartphone guide | What task will you do for cheap? | Crazy Links 4 Free

  4. #14
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.

  5. #15
    Join Date
    Feb 2009
    Location
    Queensland, Australia.
    Posts
    90
    Quote Originally Posted by bogart View Post
    The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.
    It's not really a security risk persay, it's just annoying.
    My Awesome Signature is awesome...

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 29
    Last Post: 18 September, 2009, 11:24 AM
  2. Wordpress Automatic Upgrade Problem
    By Pathan in forum Wordpress
    Replies: 9
    Last Post: 13 September, 2009, 07:39 AM
  3. Replies: 0
    Last Post: 2 August, 2009, 06:59 AM
  4. Wordpress 2.8.1 upgrade mandatory
    By sizzler_chetan in forum Wordpress
    Replies: 3
    Last Post: 11 July, 2009, 21:01 PM
  5. Wordpress Blog Hacked
    By elishevadpw in forum Wordpress
    Replies: 23
    Last Post: 7 February, 2009, 10:08 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •