As far as I am aware, there is a remote exploit in the 1.5.1.3 version of WordPress. Now I don't know why Matt is taking so long to come out with version 1.5.2, seeing that the fix has already been out for a while, but putting that aside, for those of you who do care about security, here is the fix for it straight from the WordPress Development Site.
Click here to download the fix.
Click here to view the source code.
Now all you have to do is download that file and upload it via FTP into your WordPress folder, replacing the old "wp-settings.php" file.
It's that easy.
A word of advice… it's better to be safe than screwed. We wouldn't want another Xiaxue episode to come out for some of your WordPress blogs now, would we?
Update:
Alternatively, I found out from this site that if you don't want to upload the file, you can just add this line to your .htaccess and it will result in the same thing as well.
php_flag register_globals off
Update:
It appears that the code for the .htaccess may not work on some hosts which don't allow you to set a "php_flag", so the first option of uploading the fixed wp-settings file is still the best option.
Update:
More detailed information and instructions on the matter can be found here.
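To confirm whether the .htaccess line actually took effect on a given host, here is an added example that is not part of the original post or of WordPress: a temporary PHP file (the name rg-check.php and the function names are assumptions) that reports the effective register_globals value and how PHP is being run.

```php
<?php
// rg-check.php (hypothetical name): upload next to wp-settings.php,
// request it once in a browser, then delete it again.

// Normalise an ini value to a boolean. ini_get() may return "1", "",
// "0", or the literal string from the configuration ("On" / "Off").
function rg_ini_is_on($value)
{
    if ($value === false) {
        // Directive unknown to this PHP build (it was removed in PHP 5.4).
        return false;
    }
    $v = strtolower(trim((string) $value));
    return in_array($v, array('1', 'on', 'true', 'yes'));
}

// Build a plain-text report of the settings that matter for this fix.
function rg_report()
{
    $raw   = ini_get('register_globals');
    $sapi  = php_sapi_name();
    $lines = array();
    $lines[] = 'PHP version: ' . phpversion();
    $lines[] = 'SAPI: ' . $sapi;

    if ($raw === false) {
        $lines[] = 'register_globals: not supported by this PHP version';
    } elseif (rg_ini_is_on($raw)) {
        $lines[] = 'register_globals: ON (the .htaccess line is not in effect here)';
    } else {
        $lines[] = 'register_globals: off';
    }

    // php_flag is a directive of the Apache PHP module; under CGI or
    // FastCGI it is unlikely to be honoured in .htaccess.
    if (strpos($sapi, 'apache') === false) {
        $lines[] = 'Note: PHP is not running as an Apache module; php_flag in .htaccess probably does not apply.';
    }
    return $lines;
}

header('Content-Type: text/plain');
echo implode("\n", rg_report()), "\n";
```

If the report still shows register_globals as ON after adding the .htaccess line, use the first option and upload the fixed wp-settings.php.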
2 Trackback and Pingbacks: »
[...] From Kamigoroshi, if you’re too lazy to edit the file, just download the fix here, and upload it to your blog directory. It will replace wp-settings.php file. [...]
[...] Alright, even for those of you who patched up your 1.5.1.3 yesterday. Please update your WordPress to the latest version. It has more features in it than just the fix as well…which was probably why it was taking Matt a little too long to come out with the release. [...]
5 People Said A Couple Of Things: »
Xiaxue episode?
Comment Permalink
Well…I refer to that as a term for a security breach that can completely screw up your blog and all the posts in it.
Comment Permalink
Done. Thanks for the heads-up.
Comment Permalink
I don’t wanna be screwed. Will be uploading the source codes soon Ed.
*huggles wuggles*
Cheers.
Comment Permalink
Done uploading that fix. And it really is that simple.
Thanks a lot, Edrei.
Comment Permalink