Wordpress Site Hacked - Upgrade to WordPress 2.8.4

**Keldorn** · 29 August, 2009, 07:01 AM

This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.

**A12Alex** · 29 August, 2009, 09:13 AM

Originally Posted by dollar

This is why I dont use wordpress anymore for minisite/info sites. Not worth the risk. Better to use Smarty and PHP and make your site.

It's ok if you have the know how and the time to program it, but really for very small projects it's just easier to just set up wordpress and secure the backend by using a few plugins and changing a few things manually.

**chatterbox** · 29 August, 2009, 09:53 AM

The AskApache is a good / easy way of implementing an additional layer of WP security
Password Protect your Blog with Apache .htaccess and .htpasswd

**bogart** · 30 August, 2009, 03:10 AM

The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.

**A12Alex** · 30 August, 2009, 03:33 AM

Originally Posted by bogart

The WP updates are very important. I investigated the WordPress 2.8.4 and it is a security fix that fixes a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.

It's not really a security risk persay, it's just annoying.