I’ve checked a few blogs, and some of you are not running the latest version of WP, which is 1.5.1.2.
There IS a security issue with previous versions. It has been reported in the forums so there will be people out there trying these exploits. Upgrade your blog!
- Upgrade to 1.5.1.2
- Then delete the following files: install.php, install-helper.php, upgrade.php, upgrade-schema.php
- Install IOError’s Bad Behavior plugin
- And while you are there, make sure your login password is a good one. Make it at least 8 characters and a mix of numbers, lower-case and upper-case letters. If you have other members with admin privileges, nag them too about this.
- If you are okay working in phpMyAdmin, you should change your ‘table_prefix’. It’s set in the wp-config file, but if you just change it there you will get an error, so you need to change all of the table names in the database as well.
Go Mark Go. – Bad Behavior Rocks.
Hello Mark
I looked for these files and can’t find them. Some kind person must have done it for me ;)?
I read somewhere that there was no need to do a full update to 1.5.1.2. Instead just copy over a line of code. Damn if I can remember whose blog I got it from? However it did not change the version number to 1.5.1.2
I saved the line of code but erm can’t find it now. Did anyone else do this?
Bad Behavior was done last week and stopped comment spam dead.
spell check gone wonky Mark
Follow-up to my previous post. I found the manual fix, which is as follows; here is the link
Please note this does not update the version number to 1.5.1.2, it just stays as 1.5.1.1
1. Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
2. Go to around line 103 where it says get_the_category_by_ID.
3. Create a new line after that and paste in $cat_ID = (int) $cat_ID;
That IS the security fix yes, though there was a glitch or two elsewhere fixed I think, so a full upgrade is what I would recommend.
As it stands, with a single line of code someone can fully access your site.
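Why the one-line cast from step 3 matters, shown as an added example that is not code from this post or from WordPress. It assumes the category ID ends up inside a SQL string; the function names, the table name and the query shape are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration only. Names and query shape are assumptions,
// not copied from wp-includes/template-functions-category.php.

// Before the fix: the ID is placed into the SQL text exactly as received.
function build_query_unpatched($cat_ID) {
    return "SELECT cat_name FROM example_categories WHERE cat_ID = $cat_ID";
}

// After the fix: the cast from step 3 runs before the value is used.
function build_query_patched($cat_ID) {
    $cat_ID = (int) $cat_ID;   // the line added by the manual fix
    return "SELECT cat_name FROM example_categories WHERE cat_ID = $cat_ID";
}

// Stricter variant (goes beyond the fix on this page): reject anything
// that is not purely digits instead of silently converting it.
function is_plain_id($value) {
    return is_string($value) && $value !== '' && ctype_digit($value);
}

// Constructed sample inputs: one normal ID and three malformed ones.
$samples = array('7', '7 OR 1=1', 'abc', '');

foreach ($samples as $input) {
    printf("input:     %s\n", var_export($input, true));
    printf("unpatched: %s\n", build_query_unpatched($input));
    printf("patched:   %s\n", build_query_patched($input));
    printf("plain id?  %s\n\n", is_plain_id($input) ? 'yes' : 'no');
}

// What to look for in the output:
//  - '7' produces the same query in both versions.
//  - '7 OR 1=1' reaches the unpatched query unchanged, so the extra text
//    becomes part of the SQL; the cast keeps only the leading integer 7.
//  - 'abc' and '' leave the unpatched query malformed; the cast turns
//    both into 0, which matches no category.
```

The cast never rejects input, it only reduces it to an integer, which is why the patched query is always well formed whatever arrives in `$cat_ID`.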
Yes Mark, the way I have read it, it is the security update from WP as per link I posted. If I am wrong then please do let me know. Sorry if I got it wrong;(
I’ll do mine later, when I get round to reinstalling my FTP client.