WordPress: I dislike upgrades
Regardless of the new bug found in WordPress, I dislike upgrading, at least this once. My solution:
The vulnerability can be exploited only if:
1) the user is already registered
2) the hacker knows the name of the theme on your blog
Bad news - by default anyone can register himself.
So
1) In the admin page, select “Users - Authors & Users” and delete all unauthorized persons.
2) Next, in “Options - General”, deselect “Anyone can register”. How did I miss this???
3) Additionally, you can change your theme’s name.
That’s all. Visitors can post comments as before (by the way, test here, but keep in mind all comments in my blog are pre-moderated). Self-registration is useful only if your visitors are allowed to leave both comments and posts.
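The same check as steps 1 and 2, done directly against the database. This is an added example, not part of the original post; it assumes a MySQL backend and the default `wp_` table prefix.

```sql
-- Assumption: default table prefix "wp_"; adjust if your install uses another.

-- 1) Is self-registration enabled, and which role do new accounts get?
--    users_can_register = 1 means "Anyone can register" is selected.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 2) List every account with its role data and registration time,
--    newest first, so accounts you did not create stand out.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities      -- serialized PHP array naming the role
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities' -- key name includes the table prefix
ORDER BY u.user_registered DESC;

-- 3) Turn self-registration off (same effect as deselecting the option).
UPDATE wp_options
SET option_value = '0'
WHERE option_name = 'users_can_register';
```

Use the listing only to identify accounts; delete them from the admin page as in step 1 so their metadata and posts are handled by WordPress itself.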
PS: If this WordPress-related post was useful for you, would you be so kind as to link to this post? ;)