WordPress 2.6.2.: This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL Column Truncation and weaknesses of mt_rand(). The issue at hand that forced the release is discussed in detail on the WordPress.org blog post linked above. Basically the attack is complex, is dependent on open registration being turned on in your blog, but can be executed in theory and turns out to be more of an annoyance than an actual exploit.
If you have open registration on your blog, the WordPress.org team recommends that you upgrade your install to WordPress 2.6.2 A handful of other fixes are also included in this upgrade. Here is a list of changed files.
Well, my weblog doesn’t have an open registration, so I can bypass this update. Come-on next update π
There are other fixes that might have affected you. If not, then probably can wait until 2.7, which has the said fixes. If you use phpBB or another web application with WordPress on the same domain, then you probably want to upgrade anyway, because there are other exploits that could possibility be made against your blog through a security hole in another web application… in theory, maybe.
Ask a security expert.
you’ve to upgrade man! because each time dash board will tell you to upgrade. that is painful π
upgraded π
After upgrading from 2.6 to 2.6.2 I get this message every time I post a new article or edit a post: “could not open file!” (http://domain.tld/wp-admin/post.php)
The articles do end up getting postet, but why do I get that message? Anyone knows?
Well, I don’t have open registration .. heck, I don’t have anyone even view my site … but I figured, why get nagged to upgrade all the time!?
So I’m upgraded.
And everything works fine if anyone was worried … just security fixes.
I have open registration, i only set the site up last week, and today when i checked my emails i had over 20 new user registrations, all email addresses were nearly the same, all user names were “admin”, i defo think someone had tried to change my pass. Im upgraded, user accounts deleted and new pass. Lets hope it works ok.
Yes, there are active exploits in the wild for this one, so upgrading is really highly recommended.
No open registrations at my installations, but the other fixes might apply, so I upgraded. All is well.
Only thing that can stop the hackers is making sure your wordpress install is secured. You do this yourself not by waiting on wordpress developers. The script itself is the problem and many have already lost millions of dollars due to hackers.
You must take action yourself and not take inthe BS lies about just upgrade.. Upgrading will not stop the hackers.. Only one solution can stop the hackers and that is to change the way your wordpress blog functions (see the url)
James