Attention All WordPress Users

As far as I am aware off, there is a remote exploit in the 1.5.1.3 version of WordPress. Now I don’t know why Matt is taking so long to come out with version 1.5.2 seeing that the fix has already been out for a while but putting that aside for those of you who does care about security here is the fix for it straight from the WordPress Development Site.

Click here to download the fix.

Click here to view the source code.

Now all you have to do is download that file and upload it via FTP into your wordpress folder replacing the old “wp-settings.php” file.

It’s that easy.

A word of advice…it’s best to be safe than screwed. We wouldn’t want another Xiaxue episode to come out for some of your WordPress blogs now would we?

Update:
Alternatively, I found out from this site that if you don’t want to upload the file, you can just add this line to your .htaccess and it will result in the same thing as well.

php_flag register_globals off

Update:
It appears that the code for the htaccess may not work on some hosts which don’t allow you to set a “php_flag” so the first option of uploading the fixed wp-settings file is still the best option.

Update:
More detailed information and instructions on the matter can be found here.

7 thoughts on “Attention All WordPress Users

  1. Well…I refer to that as a term where a security breach that can completely screw up your blog and all the posts in it. 🙂

  2. I don’t wanna be screwed. Will be uploading the source codes soon Ed.

    *huggles wuggles*

    Cheers.

Leave a Reply

Your email address will not be published. Required fields are marked *