Put this in your .htaccess file that covers your blog. Do it now.
php_flag register_globals off
There is an exploit which has been reported and the above fixes it. Blogs are being hacked because of this and you MUST put that code in place.
UPDATE: The forum thread is here: http://wordpress.org/support/topic/41836 and the main advice in there is to replace your wp-settings.php with this file instead: new file. If you have modified your .htaccess you do not have to replace the file, but doing both will not cause anything to go wrong.
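To confirm the directive is actually present in the .htaccess, and not commented out or overridden further down the file, a check like the following can be used (an added example, not part of the original post; the function name and the sample file contents are constructed for illustration). It only reads the file, so it does not tell you whether the host's Apache configuration honours .htaccess overrides.

```shell
#!/bin/sh
# Added example: report the effective register_globals setting in an .htaccess file.
# Prints "off", "on" or "unset". The function name is hypothetical.
htaccess_register_globals() {
    awk '
        { sub(/\r$/, "") }                   # tolerate CRLF line endings
        /^[ \t]*#/ { next }                  # skip Apache comment lines
        {
            directive = tolower($1); name = tolower($2); value = tolower($3)
            gsub(/"/, "", value)             # strip optional double quotes
            if ((directive == "php_flag" || directive == "php_value") &&
                name == "register_globals") {
                # A later directive overrides an earlier one, so keep the last seen.
                # Any truthy spelling is reported as "on" (conservative).
                if (value == "on" || value == "1" || value == "yes" || value == "true")
                    state = "on"
                else
                    state = "off"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Constructed sample: the directive placed outside the WordPress rewrite block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
php_flag register_globals off
# BEGIN WordPress
RewriteEngine On
# END WordPress
EOF
echo "register_globals: $(htaccess_register_globals "$sample")"
rm -f "$sample"
```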
Does it need to go anywhere in particular in the .htaccess file, Mark?
Mine is just in with a bunch of other lines that are outside of the #WordPress code. In other sites I’ve just put it into, I’ve put that line at the start of the file.
Alternatively, I just found this:
http://www.kamigoroshi.net/archive/2005/08/13/771
Thank you! I rarely venture into the forum these days, and the Dashboard is worse than useless, so if I didn’t subscribe to your feed I’d never find out these things.
Great,
thanks Mark,
Tom
Hmmmm…this broke my Firefox plug-in for blogging websites — JustBlogIt.
Simply, Thank you Mark
Thanks for the nice tip. Which version exactly of WordPress had this problem? Still there in WordPress 2.0