Comments on: Wordpress 2.2 Security Hole: Identity Theft

By: UeberTs Thoughts » strange accesses to Wordpress register page

UeberTs Thoughts » strange accesses to Wordpress register page — Thu, 11 Sep 2008 09:24:13 +0000

[...] wonder if it has to do with the current security hole (is there already an exploit ?), an earlier for Wordpress 2.2 or simply spam [...]

By: Hindsight… It’s is a wonderful thing! « Lee Kelleher’s Weblog

Fri, 18 Jul 2008 23:03:16 +0000

[...] to say, WordPress 2.2 has an ugly security hole which allows hackers to remotely inject SQL statements into the database. I’d heard about [...]

By: kev

kev — Sun, 07 Oct 2007 23:35:07 +0000

Do yourself a huge favor and take the version number out of your templates

I totally agree with you Tyler. This should be a strong recommandation to any template maker.

BTW, starting from RC1, K2 (the theme I use on this blog) will no longer show the Wordpress version number to the user. Sadly, it will be still there in the html code. So it’s a good start but not a solution at all…

By: Tyler

Tyler — Thu, 23 Aug 2007 23:54:18 +0000

Do yourself a huge favor and take the version number out of your templates, no one really needs to know what you’re running. People will just google for vulnerable versions, and can even automate the attack.

By: mhm

mhm — Tue, 17 Jul 2007 13:04:37 +0000

very interesting

By: Prevent Wordpress hacking » Sha dot Com Anak Melayu boleh blog! Mana gadis manis melayu aku?

Wed, 27 Jun 2007 01:47:29 +0000

[...] to Wordpress v2.2.1, please do so immediately. There has been bloggers on v2.2 like Hongkiat and coolkevman, who got hacked. The hackers search for blogs with v2.2 keyword string and did their worse. You [...]

By: Don’t get hacked! » Sha Money Maker dot com

Don’t get hacked! » Sha Money Maker dot com — Wed, 27 Jun 2007 00:05:36 +0000

By: PsychoPhil - Drink More Beer

PsychoPhil - Drink More Beer — Fri, 22 Jun 2007 21:18:07 +0000

[...] Wordpress 2.2 Security Hole: Identity Theft (tags: security wordpress software internet) – Posted in del.icio.us by del.icio.us trackback [...]

By: kev

kev — Fri, 22 Jun 2007 15:35:56 +0000

Would it be correct to think that this hack only affects WordPress installs that are open to registration?

Yes, that's right ! But it's not a good idea to skip this update simply because your Wordpress is not open to registration. As you can see in the v2.2.1 press release, this version also fix several bugs and vulnerabilities...

By: dalton

dalton — Fri, 22 Jun 2007 01:58:41 +0000

Would it be correct to think that this hack only affects WordPress installs that are open to registration? None of my blogs are. One of my main issues with WordPress at this point is the upgrade process…it would be really nice if they instituted some sort of upgrade system to make the whole process easier. I have four or five blogs to upgrade now, and it kind of ticks me off.

Though, I’ve been using WP for at least 3 years now, it’s become second nature, it sure would be hard to leave.