Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Wordpress Site Hacked - Upgrade to WordPress 2.8.4

  1. #11
    Keldorn's Avatar
    Keldorn is offline Net Builder
    Join Date
    Dec 2008
    Location
    Canada
    Posts
    400
    Thanks
    21
    Thanked 60 Times in 52 Posts
    This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.
    Submit new proxies -

  2. #12
    A12Alex is offline Newbie Net Builder
    Join Date
    Feb 2009
    Location
    Queensland, Australia.
    Posts
    90
    Blog Entries
    1
    Thanks
    15
    Thanked 9 Times in 6 Posts
    Quote Originally Posted by dollar View Post
    This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.
    It's ok if you have the know how and the time to program it, but really for very small projects it's just easier to just set up wordpress and secure the backend by using a few plugins and changing a few things manually.
    My Awesome Signature is awesome...

  3. #13
    chatterbox's Avatar
    chatterbox is offline Newbie Net Builder
    Join Date
    Jul 2009
    Location
    Australia
    Posts
    141
    Thanks
    15
    Thanked 12 Times in 10 Posts
    The AskApache is a good / easy way of implementing an additional layer of WP security
    Password Protect your Blog with Apache .htaccess and .htpasswd
    Sound Unsound is a music forum for Unsigned Artists, Dj's and Producers
    Others: PDA and Smartphone guide | What task will you do for cheap? | Crazy Links 4 Free

  4. Thanked by:

    bogart (30 August, 2009)

  5. #14
    bogart's Avatar
    bogart is offline Super Moderator
    Join Date
    May 2009
    Location
    New York
    Posts
    3,772
    Thanks
    1,886
    Thanked 776 Times in 609 Posts
    The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.

  6. #15
    A12Alex is offline Newbie Net Builder
    Join Date
    Feb 2009
    Location
    Queensland, Australia.
    Posts
    90
    Blog Entries
    1
    Thanks
    15
    Thanked 9 Times in 6 Posts
    Quote Originally Posted by bogart View Post
    The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.
    It's not really a security risk persay, it's just annoying.
    My Awesome Signature is awesome...

  7. Thanked by:

    bogart (30 August, 2009)

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 29
    Last Post: 18 September, 2009, 11:24 AM
  2. Wordpress Automatic Upgrade Problem
    By Pathan in forum Wordpress
    Replies: 9
    Last Post: 13 September, 2009, 07:39 AM
  3. Replies: 0
    Last Post: 2 August, 2009, 06:59 AM
  4. Wordpress 2.8.1 upgrade mandatory
    By sizzler_chetan in forum Wordpress
    Replies: 3
    Last Post: 11 July, 2009, 21:01 PM
  5. Wordpress Blog Hacked
    By elishevadpw in forum Wordpress
    Replies: 23
    Last Post: 7 February, 2009, 09:08 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •