Wordpress does its usual trick

Ah, just when you thought WP had outgrown its massive, public security problems – surprise!

Happily, for anyone who knows anything, updating looks like this:

svn sw http://svn.automattic.com/wordpress/tags/2.8.4

However – this BS is still pretty inexcusable. I’ll be leaving WP “soon”. Unfortunately, since writing one’s own blog software is very much a hobby project, it’s been delayed a few times – but crap like this certainly inspires me to get it done soon.

update: Matt Mullenweg sez:

I’m not clairvoyant and I can’t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog

Matt, we’ve disagreed in the past, but I’m with you 100% on that one.

update 2: ooh, a blog I host – not this one, but a friend’s – was hacked. No risk to anywhere else of course; I am paranoid about security at the best of times and when it comes to WP I don’t take any chances. But still, interesting. The hack inserts a script to hide the new hostile administrator from you in the Users section; never seen that before. Happily, a quick visit to the web developer toolbar in FF got rid of that, and the user is now deleted, and there don’t seem to be any other effects. I don’t see anything weird in an SQL dump either. Currently debating if it’s worth nuking the site and redoing or just sitting it out until all these blogs get moved to another server anyway, which is imminent.
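A defender's check for the hidden-administrator trick described above, as an added example that is not the author's code: the injected script only hides the account in the browser, so listing administrators straight from the database tables (or a dump restored to a scratch database) shows every one of them. The tables and rows below are a constructed, simplified sample loaded into SQLite; the wp_capabilities key and the PHP-serialized role format are the ones WordPress uses.

```python
import re
import sqlite3

# Constructed sample: a slice of the two WordPress tables that decide who is an
# administrator. Column lists are simplified; "wp_" is the default table prefix.
# User 3 plays the hostile account that the injected script hides in the UI.
SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (
    umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO wp_users VALUES
    (1, 'sho',    'sho@example.invalid',    '2008-02-10 12:00:00'),
    (2, 'friend', 'friend@example.invalid', '2009-03-01 09:30:00'),
    (3, 'wp-svc', 'nobody@example.invalid', '2009-09-04 03:12:45');
INSERT INTO wp_usermeta VALUES
    (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
    (2, 2, 'wp_capabilities', 'a:1:{s:6:"author";b:1;}'),
    (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""

# The PHP-serialized array entry that grants the administrator role.
ADMIN_CAP = re.compile(r's:13:"administrator";b:1;')

def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def list_administrators(conn, prefix="wp_"):
    """(ID, login, email, registered) for every user whose capabilities meta
    grants administrator, read from the tables rather than the admin UI."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):   # prefix is interpolated
        raise ValueError("bad table prefix")
    rows = conn.execute(
        f"SELECT u.ID, u.user_login, u.user_email, u.user_registered, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ? ORDER BY u.ID", (f"{prefix}capabilities",))
    return [(uid, login, email, reg) for uid, login, email, reg, caps in rows
            if ADMIN_CAP.search(caps)]

def unexpected_administrators(conn, known_logins, prefix="wp_"):
    """Administrators whose login is not on the operator's allowlist."""
    known = set(known_logins)
    return [r for r in list_administrators(conn, prefix) if r[1] not in known]

if __name__ == "__main__":
    db = open_sample_db()
    for row in unexpected_administrators(db, known_logins=["sho"]):
        print("unexpected administrator:", row)
```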

Tags: security, wordpress

2 Responses to “Wordpress does its usual trick”

  1. Matt Says:

    What I do for most of my sites is switch them to a stable branch and just have svn up run on cron, I find this works better than tags because they’ll get fixes within hours of them being committed.

  2. Sho Says:

    Yeah I know matt, you replied to me on HN (my new account, old one got banned for some reason). I do that too. Although I think I’m going to start enforcing your cron trick on any sites under my control.

    Still, while respecting your considerable accomplishments, I wish you would take more responsibility for the WP platform. Yes I know it’s free but you can’t wave these defects away as “you got what you paid for” anymore. How many tens of thousands of sites have been hacked this time? You have got to take this shit more seriously. Hire some freaking penetration testers already.
